Cloud computing has caused many changes over the past few years. More businesses are migrating to the cloud. They realize that there are many benefits to cloud computing, but don’t always change their company’s organizational policies accordingly. One mistake many businesses make is failing to set security standards and ensuring their provider adheres to them.
NASA recently developed its own data center to store information. The organization made a number of mistakes that should have been avoided.
NASA’s Cloud Computing Security Mistakes
NASA is one of the prominent technology trendsetters in the world. They should have known how to develop a security policy and execute it properly. However, the organization came under fire when the Inspector General found that they didn’t take all necessary precautions. Here are some of the mistakes that NASA made and what you should to avoid them yourself.
Keeping Wrong Data on Public Cloud
Investigators found that NASA kept some highly sensitive data on the public cloud. Some of this data was there for over two years.
NASA was cleared to keep some information on the public cloud. There are times when this is a good idea. It can be more cost-effective to have some data on public cloud storage. Also, you may want the general public to be able to access some information.
The problem is that many organizations don’t think carefully enough about what types of information they should be sharing openly. You will need to review all of your data and decide which information should be stored on private cloud hosts.
Failing to Choose Contractors Carefully
Investigators found that NASA wasn’t being careful with the contractors that it worked with. You will want to make sure that every contractor has the right skills and clearance to access any part of your network. You should also do a thorough background check on them to make sure they are trustworthy.
The contractors NASA used didn’t seem to do anything malicious. However, there is nothing to stop unscrupulous people from selling your data to your competitors in the future.
Not Sharing Standards with Employees
Many NASA employees with access to the cloud never heard of the company’s security policies. NASA should have shared this information with every employee who would be on the organization’s cloud network.
Writing the best security policy in the world won’t do your company any good if it isn’t implemented. Your employees need to know what is expected of them and what the ramifications are if they don’t comply. You should share these protocols with them and make them sign off on them before they are allowed to access any of your data.
Make Security a Top Priority
Overall, cloud computing is more secure than other methods of storing data. However, some practices are much more secure than others.
Many businesses don’t understand this and fail to develop a cloud security model. Even some of the largest organizations in the world don’t always protect their data carefully enough. You will want to take the time to do so and ensure all of your employees understand them.
Image courtesy of Vichaya Kiatying-Angsulee at FreeDigitalPhotos.net
