Donald Meyer, the vice president of cloud solutions at Check Point Software Technologies Ltd., has some advice for any business looking to keep their data, and their customers’ data, secure.

“The cloud has different meanings to different organizations,” he says. “The most difficult part is putting the right strategy in place to adapt a business while also continuing to comply with regulatory mandates and infuse security into this infrastructure while maintaining visibility, control and a seamless experience from end to end.”

Shoring up the weak links

One of the biggest concerns for an organization looking to move more data over to the cloud, Meyer continues, is security from cybercriminals. Many organizations will use sophisticated security and encryption to protect their most sensitive data while leaving the less sensitive data relatively open. “The problem, he says, is that if hackers can gain access to the less sensitive data, they now have an entryway into the entire infrastructure and everything is at risk.

“‘If you use cloud services, understand that you are exposing your organization to potential risk.’”

“Data is king, and the bad guys are really shrewd,” Meyer contends. “They realize that the bulk of the sensitive data is under very strong security measures and being controlled. But what organizations fail to do is to lock down and use the same types of controls over benign applications or benign services that may not be as sensitive. So attackers are shifting their tactics toward targeting these less secure more ambiguous or more benign types of services as an ‘in.’”

Best practices

With that in mind, Meyer has some recommendations for any business enterprise looking to minimize their risk. He stresses that one doesn’t need technical expertise to implement these changes; that’s for the experts. Businesses just need to approach cloud security with a strategy in place.

“If you use cloud services, understand that you are exposing your organization to potential risk,” he sums. “Bringing security into that environment is highly recommended.

“Second, set up a consistent set of policies; understand how you want to use this infrastructure and find a way to be able to enforce your policies. And finally, make sure that connection is well-protected, both from the corporate end and the cloud provider end, so you’re looking at the traffic that’s coming through that pipe and making sure that it’s what you want for your environment—that you can stop any threats before they even get a chance to get into your network.”