Cloud based Sales Software: 4 important aspects of IT security
This article is the second part on cloud-based software. The first part highlighted the advantages and disadvantages; this part covers security.
Anyone who obtains sales software from the cloud cannot avoid security-related aspects. In this article, we highlight four security solutions that companies should consider when using the cloud.
To stay competitive, many companies are turning to data-driven business models. That means that the amount of data is growing exponentially. Microsoft predicts that by 2025 alone, the amount of data produced will be 175 zettabytes. A zettabyte is a billion terabytes.
Cloud computing is what makes the processing of these data volumes possible in the first place. But the cloud, or cloud-based systems, also poses a potential risk to users.
For example, the 2019 study “Economic protection in the digital world” by Bitkom e.V. came to the following conclusions:
– 88 per cent of the companies surveyed were affected by data theft, industrial espionage or sabotage in 2019; in 2015, the figure was 79 per cent.
– 21 per cent were affected by the theft of sensitive digital data and information
– 26 per cent of the stolen data was financial data; 23 per cent was customer data
The survey polled 1,070 companies with ten or more employees in Germany.
On the one hand, the security of sales software in the cloud ensures compliance with legal requirements and rules. At the European level, this is the General Data Protection Regulation (GDPR), for example.
On the other hand, IT security in the cloud involves protecting information (data), applications and infrastructures associated with cloud computing.
Below are three essential aspects of IT security for modern sales software from the cloud.
Protection of mobile devices through endpoint security
Working in a home office or remotely, accessing company data and applications via mobile devices (Bring Your Own Device, BYOD) such as smartphones, laptops or tablets, is a significant gateway for attacks from cyberspace.
As Trend Micro and Kaspersky confirm, the number of attacks on the home office has risen massively since mid-March 2020. The most significant security risks lie in unsecured home networks and unprotected access to the corporate intranet.
There are many risk scenarios for remote work.
For example, mobile devices can be stolen or lost, and cybercriminals can hack into employees’ network and communications connections. The crux of the matter is the data exchanged when connected to the Internet via interfaces such as Bluetooth, GSM, USB, GPS or NFC. For the protection of mobile devices, experts recommend the following points, for example:
1. Companies should not use outdated hardware, which often lacks security and management controls. Whether companies provide mobile devices or employees use their own, the devices should support policy management and regular security updates.
2. Create security policies when users have their own mobile devices (BYOD). If companies provide mobile devices themselves, they should use mobile device management (MDM) to grant all users only limited usage rights. That ensures control of all mobile devices in use.
3. Restrict the installation of apps and software, or clarify which programs and apps may be installed. This applies in particular to a BYOD strategy. If, for example, a mobile device is used for both business and private purposes, there are suitable applications that set up two profiles (business and private) on the device. That ensures that private apps are not used for business purposes, and the other way around.
Secure login with multi-factor authentication
Multi-factor authentication (MFA) is about proving a user’s identity when logging on to a system (for example, a company network) and protecting access to the system and its resources. The familiar login process consists of entering a user name and a password. In the MFA process, proving identity requires two or more separate steps, each of which must provide specific credentials or meet particular conditions.
In practice, MFA is increasingly used for cloud services. In this process, users are sent a verification code via SMS or e-mail after entering their username and password. Entering this unique value is the additional authentication step.
Trusting no one with the “Zero Trust” security concept
What the “zero trust” model is all about can already be seen from the term. The philosophy behind this security concept:
Do not trust any user or device inside or outside your network!
In practice, this means:
You need to check all data traffic, and all users must authenticate themselves. This security concept intends to minimize the risk to company networks and applications; the aim is to exclude external threats and potential internal dangers. The difference between this and traditional security concepts is that the latter classified only external data traffic as dangerous while they trusted internal users and services.
“Zero Trust” works like this in practice:
– All users and applications must authenticate themselves.
– You should always encrypt data traffic; encryption occurs when data is stored and transmitted at the network and application level.
– All IT assets must be inventoried and required access rights to applications or devices must be precisely defined.
– Systems must be in place within the company’s network and at the network boundaries to analyze, permit, or prohibit data traffic and to record all actions in log files.
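A minimal default-deny access decision that applies the points above, as an added example (not from the article). The inventory, the access-rights table, the `managed` flag and all names are constructed for illustration. The network segment a request comes from is logged but never used to grant access.

```python
from dataclasses import dataclass

# Constructed inventory and access rights; all names are hypothetical.
DEVICE_INVENTORY = {
    "laptop-0142": {"owner": "alice", "managed": True},
    "phone-0907": {"owner": "bob", "managed": False},
}
ACCESS_RIGHTS = {("alice", "crm"): {"read", "write"},
                 ("bob", "crm"): {"read"}}
AUDIT_LOG = []   # every decision is recorded, allowed or not


@dataclass
class Request:
    user: str
    authenticated: bool   # outcome of the login step (e.g. MFA)
    device_id: str
    encrypted: bool       # request arrived over an encrypted channel
    source: str           # "internal" or "external"; logged, never trusted
    app: str
    action: str


def decide(req):
    """Return True only if every check passes; anything else is denied."""
    device = DEVICE_INVENTORY.get(req.device_id)
    if not req.authenticated:
        reason = "user not authenticated"
    elif not req.encrypted:
        reason = "unencrypted traffic"
    elif device is None:
        reason = "device not in inventory"
    elif device["owner"] != req.user or not device["managed"]:
        reason = "device not approved for this user"
    elif req.action not in ACCESS_RIGHTS.get((req.user, req.app), set()):
        reason = "no access right defined"
    else:
        reason = None
    allowed = reason is None
    AUDIT_LOG.append({"user": req.user, "device": req.device_id,
                      "source": req.source, "app": req.app,
                      "action": req.action, "allowed": allowed,
                      "reason": reason or "policy match"})
    return allowed
```
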
Comprehensive threat prevention with Unified Threat Management
Unified threat management combines multiple security functions into one security solution. From endpoint security to data protection policies to automated investigation and defence against cyberattacks, organizations can manage all IT threats with threat management.
The critical thing with threat management is that all the security solutions used in the enterprise communicate and exchange signals to prevent cyberattacks. Here’s a simple example:
An attack through a malicious e-mail attachment can cause damage to the device on which it is opened.
The security software that secures the inbox and e-mail servers is notified of this threat. That can prevent e-mails with the same attachment from being delivered in the first place if another attack happens.
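The signal exchange in this example, sketched as added code (not from the article and not any vendor's API). The class names, the signal format and the sample attachment bytes are constructed. The endpoint agent publishes the attachment's SHA-256 hash, and the mail gateway quarantines later messages carrying the same file.

```python
import hashlib


class ThreatSignalBus:
    """Shared channel that security components publish to and subscribe on."""

    def __init__(self):
        self._subscribers = []

    def subscribe(self, callback):
        self._subscribers.append(callback)

    def publish(self, signal):
        for callback in self._subscribers:
            callback(signal)


class EndpointAgent:
    def __init__(self, bus):
        self._bus = bus

    def report_malicious_attachment(self, device, attachment):
        digest = hashlib.sha256(attachment).hexdigest()
        self._bus.publish({"type": "malicious_attachment",
                           "sha256": digest, "seen_on": device})
        return digest


class MailGateway:
    def __init__(self, bus):
        self._blocked = set()
        self.quarantine = []
        bus.subscribe(self._on_signal)

    def _on_signal(self, signal):
        if signal.get("type") == "malicious_attachment":
            self._blocked.add(signal["sha256"])

    def deliver(self, recipient, attachment):
        digest = hashlib.sha256(attachment).hexdigest()
        if digest in self._blocked:
            self.quarantine.append((recipient, digest))
            return False          # held back instead of delivered
        return True


def run_demo():
    bus = ThreatSignalBus()
    gateway, agent = MailGateway(bus), EndpointAgent(bus)
    payload = b"constructed sample attachment bytes"
    first = gateway.deliver("alice@example.com", payload)    # not yet known
    agent.report_malicious_attachment("laptop-0142", payload)
    second = gateway.deliver("bob@example.com", payload)     # same file
    other = gateway.deliver("bob@example.com", b"different file")
    return first, second, other, len(gateway.quarantine)
```

Exact-hash matching only catches byte-identical attachments; a changed file produces a different hash and needs other detection signals.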
Important aspects of IT security – Conclusion:
Anyone who uses software and services from the cloud cannot avoid security aspects.
This necessity is obvious because companies pass on control of internal company data and information to the cloud operator by taking this step.