Technology

Tips to Help You Mitigate Cloud Security Risks

Published: June 20, 2019

Despite its risks, cloud storage and access is a major way to bring your agency or brokerage into the digital age. With it, comes efficiencies both for agents and brokers, as well as for clients.

Today, the increased “risk” of cloud storage and access is non-existent. Let me explain…

People have a belief that moving your information to “cloud” systems make it riskier than keeping that data in house. The only way that would be true is if your local system was physically disconnected from the public internet. A hacker is as likely to break into your personal connected system as they are a public one. I’d go so far as to say that your data in a cloud provider’s data center may be more secure than something can do locally (for the greater majority of agencies) solely because of the ability of the provider to have procedures and eyes in place to monitor for such breaches—above what you may be able to do. Remember, whether you secure your data locally in your own data center, or send it out to a cloud provider like Applied Systems, you still need to secure your local networks and hardware, or you risk breach anyway.

To mitigate cloud security risks, here is my advice.

Deny first

Take a denial approach to systems and access. Meaning, don’t just let anyone connect anything to any network (phones, home pcs, etc.). Don’t allow full access to the internet, and whitelist approved sites instead of blacklisting specific ones. Disable network jacks that may not have anything plugged into them.

Don’t neglect desktops

Experience has shown that the move to the cloud to provide always-on access for needed systems, like EpicOnline, leads some to neglect their local PC security because the “cloud” is secure. It is, but your lack of security on the desktop negates the security that people like Applied Systems put in place. If an attacker can control your machine, and you have access to your secure data, then so do they.

Achieve consistency

Consistency is key to securing anything, not just cloud and cloud access. Make sure that you have policies in place to provide consistency across the network. Access controls, computer deployments and maintenance, saying no to BYOD, etc.

Closing Thoughts

If you are not comfortable with use of the cloud, avoidance is not the answer. Avoidance from discomfort is a bad path; however, if you have done the homework and specifically choose NOT to deploy something in the cloud or make a specific tech change, that’s not truly avoidance (as this article suggests). Some firms leap at digital transformation without doing enough due diligence and end up virtually flattened at the bottom of a canyon, much like Wile E. Coyote. It takes time, funds and the right partners to move you forward… take the time, fund it properly, use the right partners and you will achieve your goals. I worded that specifically—achieve your goals—the point is make the goals, then use the proper technology to get there. Don’t just leap.

My best advice if you still find the cloud daunting? Education. That sounds simple, but education is the answer to everything. If you have a fear of the cloud, or think there is too much to know, figure out what part you need to know or do today, then learn what it’s about. The fear and feeling that it’s daunting will fall away in short order. Then rinse and repeat, move to another focus and learn about that. Agencies who’s staff (top to bottom) educate themselves on cloud security will find themselves at the financially stable side of growth. Not only will they be better able to position themselves and their firms for stability and growth, but they can answer their clients’ needs and provide comfort to them as well, which leads to greater investment on their behalf.

Nicholas Oliver has over a quarter of a century of technology experience, most of which was spent in and around agencies and moving them forward. He started with an agency-focused technology firm (AIS Technology) back in 1998 and grew that into becoming a highly successful, nationally recognized leader in insurance automation. In 2016, he merged AIS with another firm with the goal of bringing his ability to securely manage remote clients to another team of professionals who wanted to grow nationally. Nick spent a year and a half working with that firm, but was unable to move them in the direction he anticipated, so he started over with Joe Esser, and now Redbird Security is on the rise.