Securing your cloud: 5 essential steps

Smarter Staff
Smarter Writer

This article has been written by the Smarter Business™ Staff Writers

As your business grows, your demands for cloud services will rise in tandem. And with increased cloud use and more elaborate systems, security should become an increasing consideration.

As long as you understand and implement appropriate strategies to secure your data in the cloud, it doesn’t need to be daunting. The more you know, the better decisions you can make. Here are five steps you can take to keep your information secure.

Cloud security is essential for businesses of all sizes.

Own your own data and processes

Cloud adoption raises important questions about responsibilities: when it comes to security, which responsibilities belong to the tenant (the user of the cloud service) versus the cloud vendor?

In a similar fashion to leasing physical space, make sure you have a clear understanding of your rights as a tenant before you enter into any arrangement. Here are just some of the considerations to keep in mind:

  • Like leasing physical space, you need to know the full layout to make sure it suits your needs.
  • Determine what data security measures the vendor provides for cloud storage and what you’ll need to provide for transfer and access. How do you find this out? Ask the vendor.
  • Maintain clear architecture documentation that describes your system components and the interfaces between them.
  • Be proactive in your security procedures so you can respond to any event. Developing a security policy that includes an incident response plan is a start.

Define your scope

The word 'cloud' cannot be defined as any one single product or service. It pays to be aware that there are different classes of cloud products on the market.

Different cloud components come with their own (sometimes markedly different) security concerns, so you need a different set of assessment skills for each.

A security audit of a cloud gateway, for example, might only tell you about the security of the product used to simplify private and dedicated connectivity to any number of cloud vendors. It won’t tell you anything about the security of products behind that gateway.

Define your deliverables

How do you know if you’re spending too much or too little effort on checking your cloud?

High-profile service failures brought about by poor planning are frequent and painful reminders of how quickly everything can go wrong, with potentially disastrous results. Plus, every time we see a news report of hackers making off with thousands of user details and passwords from a major brand, we're reminded that data security breaches can and do happen quite regularly.

Security testing can’t be pushed down a to-do list; it has to be consistent and constant. And security isn’t just about compliance. Compliance is only ever a snapshot of your security against a specific set of requirements.

Do the risks of outsourcing data and processes to the cloud outweigh the benefits? Often the answer is tied to how well prepared your business is to deal with security incidents. It comes down to how well you can mitigate issues and reduce risk.

A major benefit of cloud is access to flexible infrastructure and information. But no cloud certifications are a substitute for defining your own security framework. Define your processes, deliverables and risk assessment. Through good management you can make great use of cloud products without losing control of your security architecture.

Learn about PCI-DSS compliance

The security of customer data is vital for any business, but especially critical for businesses that need to handle payment data.

The Payment Card Industry - Digital Security Services (PCI-DSS) publishes a set of 12 guidelines, which are assessed during a PCI audit process. All Australian businesses that accept card payments need to be PCI compliant, regardless of business size. So you should use these self-assessment tools to examine your overall risk.

Compensation costs, legal fees, bank fines and damage to your reputation are only some consequences to consider.

PCI-DSS compliance should be an ongoing process, not a one-off. PCI compliance is expected of all Australian businesses, irrespective of their size.

Consider IRAP assessment

Another acronym, IRAP stands for Information Security Registered Assessors Program. While well-known cloud services, like Office 365, attain at least the minimum of Australian compliance, businesses with a mixture of cloud infrastructure that want an independent assessment of their interwoven cyber security needs can access handy tools via the Australian Government’s Australian Signals Directorate.

IRAP is designed to meet any level of security required by government departments, and any business can take advantage of free online resources including lists of cloud products that have been IRAP assessed and IRAP Tool Kits.

IRAP is useful, but it’s important to be aware that compliance frameworks are only tools. Security in the real world requires real effort.

Your tax dollars fund the ASD, which is tasked with providing high-quality current information on security needs, so take advantage of it!

If you ever need to commission an IRAP assessment, make sure to allow enough time, not only to conduct the review, but also to deal with any potential issues. Certified IRAP assessors deliver an independent assessment of your system, suggest how to mitigate any issues and also highlight any ongoing risks.

Cloud services can provide amazing value for business. Cloud security is worth the effort.

Originally published April 5th 2017. Updated May 2nd 2019.    