Identity protection fit for the cloud
Both consumers and businesses are beginning to gravitate toward the convenience and efficiency of cloud computing for a wider range of services. However, users must be aware of the unique online security dangers common to the new platform and take appropriate action to protect their identities.
According to InformationWeek contributor and Intel architect Bruno Domingues, each new cloud service a user adopts will require a new set of log in credentials. For tech-savvy consumers, and many business professionals, this could mean having a dozen or more unique accounts to manage. Naturally, users may be tempted to memorize a handful of password combinations and rotate them around various sites.
"The consequence of this approach is obvious: If someone has stolen your information for one service, they will probably compromise your identity for several others," Domingues explained in his latest column.
To guard against this danger, experts recommend using a password organizer tool that automatically generates and manages credentials for each new account.
It is also worth mentioning the inherent vulnerabilities that arise from some methods of accessing cloud services. In many cases, businesses are leveraging the technology for greater employee flexibility and allowing their workers to access materials remotely, from a range of devices.
Once outside the company network, online security is often a bigger challenge. Whether they are accessing the internet through the router in their home office or via public Wi-Fi in an airport terminal, chances are the online environment does not have the robust defenses of a corporate network.
This makes stronger passwords all the more important.
"Instead of just having to contend with people inside the company trying to guess other people’s passwords, you now have all the hackers on the internet having a go," explained Cloud Tweaks contributor Richard Morrell. "They have tools that can try 100,000 password combinations in less than a minute and nothing better to do."
With sensitive business data at stake, IT professionals will have to intervene as they will ultimately be held accountable. While educating users on best practices is a worthwhile pursuit, merely relying on the best judgment of employees could be a decision they come to regret.
Instead, Morrell recommends more aggressive action. On top of the insurance provided by password manager software, administrators must go deeper to provide complex data encryption, threat protection for PC and mobile platforms and access governance tied to worker-specific job functions.
