Securely Using the Cloud
Cloud computing is a general term that refers to the delivery of different services such as data storage, servers, databases, networking, and software over the Internet or virtual space instead of on a computer’s hard drive. Cloud-based storage allows for information to be accessed remotely from any Internet connected device, anywhere in the world making it extremely convenient for many organizations.
Carnegie Mellon University offers secure, encrypted cloud-based solutions such as Box and Google Drive to its community members for easy collaboration and data storage. Individuals who utilize these cloud-based solutions should review the tips below ensure their data remains secure.
- Use Permissions: When a folder or file is shared it’s usually in the form of a link or permission using the recipient’s email address. Consider setting different levels of access for senior members of staff or on a need-to-know basis. Permission-based access can make it harder for a hacker to get through each layer of permissions.
- Manage File and Folder Sharing: Protect stored data by only allowing specific people (or groups of people) shared access to the particular files or folders associated with that link. When using Box or Google Drive it is always safest to share the file or folder with Carnegie Mellon University members only unless there is a business justification.
- Audit Files and Folders: Periodically review the shared files and folders and remove the shared access when it is no longer necessary.
If using a personal cloud-based storage solution it is recommended that individuals use a trusted cloud-based solution that offers encrypted storage. In addition to the tips above, any community members who use a personal cloud-based storage solution at home should take the following proactive security measures on their accounts. Remember that personal cloud storage accounts are not acceptable for Carnegie Mellon University work.
- Use Strong Authentication: Make the cloud account password long and complex. One way to do this is to use a passphrase instead of a password. The password should not be used for any other account. Furthermore, ensure that the cloud solution offers two-factor authentication (2fa) and enable it on the account for an added layer of security. 2fa will help to prevent a hacker from accessing your data even if the password becomes compromised.
- Enable Account Alerts: Most cloud services will have a notification feature which alerts users to new logins, as well as when new files or folders are shared and deleted. Be sure to enable those alerts to maintain awareness of what is occurring within your cloud account.
- Use Backup and Recovery Options: It is convenient to dump all types of data into one cloud solution however this creates a single point of failure. Instead, be familiar with your service’s backup, retention and restore capabilities, and possibly safeguard duplicate copies of the data into another repository such as a 2nd cloud storage solution or hard drive.