Have you told your employees about the risks of non-compliance with enterprise security policies? If you have not or your employees are regularly ignoring the dictates of the company policy, there is trouble brewing for your organization. You need to either increase communication up and down the enterprise hierarchy to ensure that your employees are more data security conscious. Alternately, you need to subtly enforce the enterprise security policy by building it into the very process of executing the task.
Security consciousness begins at home. Technical risks cannot be separated from business risks while evaluating business risks. The Chief Security Officer (CSO) of the organization must communicate the importance of compliance with the security policies of the organization. The involvement of the top management and the use of the language of business in the process of communicating the procedural and technical risks involved in security non-compliance will help reinforce the message at all levels of the organization.
Information technology and data security can be additionally and subtly enforced at the hardware and software level. Access to hardware can be physically restricted. Access to software and data can be enforced with authentication and authorization requirements.
Cloud backup service providers are conscious of the number of security concerns that plague organizations migrating and accessing data in the cloud and make a lot of effort in creating hardware and software constructs that enforce enterprise security policies. Employees cannot compromise on data security due to their carelessness or ignorance. They cannot bypass the checks and balances that are built into the presentation layer or reinforced by the cloud authentication server.
At the point of backup, the cloud backup Administrator has the facility to define an impregnable (256 bit AES or DES or blowfish) encryption key that will remain inaccessible to the unauthorized persons, including the service provider. At the point of access, employees cannot create workarounds to information security controls in cloud backups. Administrative control is centralized and users need to login to the enterprise cloud backup account with a valid user id and password that is defined by the Administrator at a central management console. As a result, employees cannot compromise the information contained in the cloud backup unless they share their user id and password with unauthorized individuals or access the information for unlawful purposes. Even these actions can be logged and tracked as the user logs are always on. Alerts are generated every time attempts are made at unauthorized access to information.
So, if you have not begun the exercise of telling your employees about security or enforcing security subtly, it is time to do just that. The survival of your business depends on it!