Data Security is critical to the health of any business, and with the Cloud, you can protect sensitive information and client records with the very latest in data protection technology. This eBook explores the methods of providing high-level security and best practices for leveraging the cloud to secure your data.
DATA SECURITY AND THE CLOUD

TABLE OF CONTENTS
EXECUTIVE SUMMARY
CHAPTER 1: DATA SECURITY: TOO IMPORTANT TO IGNORE
CHAPTER 2: HOW DOES THE CLOUD KEEP MY DATA SAFE?
CHAPTER 3: TAKE ADVANTAGE OF DATA CENTERS
CHAPTER 4: PROVIDE THE BEST DATA PROTECTION
CHAPTER 5: DATA SECURITY BEST PRACTICES

EXECUTIVE SUMMARY
Today, stories of major data breaches have dominated
the media, from Target and Home Depot credit card
theft to health record hacking at Anthem. In this era of
Big Data, financial and personal information becomes
a target with information sold to the highest bidder.
Companies that fail to protect themselves lose money,
customers and their reputation. For all industries, data
security is a critical component of business strategy and
health. You must consider data security if any of your
employees are physically connected to the Internet
or other public data networks, regardless of size and
scope of operations. Leveraging the cloud to integrate
the latest security technology is one way to ensure
your business receives high-level data
protection. This eBook provides an
overview of data security and best
practices you can employ to keep
your data safe.

CHAPTER 1: DATA SECURITY: TOO IMPORTANT TO IGNORE
Data security refers to protective digital privacy
measures that are applied to prevent unauthorized
access to information assets such as computers,
databases and websites. With the proliferation
of digital data, it’s a top concern and priority for
businesses of all sizes, in all industries. Take into
consideration these facts about data security:
>> Roughly 55% of small businesses have experienced
a security breach [1]
>> 30% of cyber attacks are aimed at small companies [2]
>> In 2014, the average cost of a data breach to a
company was $3.5 million, which is 15% more
than what it cost in 2013 [3]
>> A laptop is stolen every 53 seconds in the U.S. [4]

If a cyber attack or breach occurs at your agency, consider
the financial impact. Companies stand to lose up to $188
for every record stolen. [5] While financial loss
can eventually be regained, loss of reputation and customer
loyalty can be permanent. Four in 10 customers will consider
leaving a company if their information is lost or stolen. [6] It’s
also critical to protect your clients’ personal and financial
information for compliance with various data protection laws.
As a trusted advisor, your client relationships go beyond just
the risk management services you provide; your clients expect
you to safeguard their personal information and privacy. You
cannot afford to be unprotected.

[1] 2013 Small Business Security Survey. National Small Business Association. 2013.
[2] Internet Security Threat Report 2014. Symantec Corporation. 2014.
[3] 2014 Cost of Data Breach Study: Global Analysis. Ponemon Institute. May 2014.
[4] Stuart, Keith. Having your laptop stolen is traumatic. The Guardian. January 2015.
[5] 2014 Cost of Data Breach Study: Global Analysis. Ponemon Institute. May 2014.
[6] Data Breach: Is Your Business at Risk? Commercial Risk Insurance.

CHAPTER 2: HOW DOES THE CLOUD KEEP MY DATA SAFE?
At the most basic level, the cloud is a delivery
mechanism for IT services over a network, allowing
you to receive information technology such
as applications, data and security as a service.
Traditionally, many businesses, including agencies,
purchase hardware and software, and operate
it themselves or with the help of an outside
company. The cloud provides an alternative option,
and represents a shift from the traditional way in
which agents view IT. More and more companies
are running some or all of their critical business
applications in the cloud, and enabling clients to
connect with them online. In almost all cases, client
data is just as safe in the cloud as in in-house agency
systems, or safer. In fact, most data breaches
involve on-premises data center environments.
So how does the cloud environment work? The cloud
environment includes secure data centers that control
computing operations. These remotely-accessed centers
are home to the servers that host software and process,
store and protect data. Data and applications remain
centralized in the data center facility while users operate
in a virtual atmosphere through a wired or wireless
Internet connection. With the cloud, there is no longer a
need to store or back up data to removable media such
as flash drives or CDs that can be lost or stolen.
In an online environment, information can be accessed
on a laptop, tablet computer or smartphone anytime,
anywhere an Internet connection is available. Users have
more access through more devices in more locations.
This kind of 24/7 on-demand service is a central
component and provides a significant advantage.

CHAPTER 3: TAKE ADVANTAGE OF DATA CENTERS
Most insurance agents do not have the resources,
expertise, time or money to match what data
centers provide. Besides providing data security,
data centers themselves are physically secure sites,
staffed 24/7 with additional monitoring through video
surveillance. These strict security standards require
levels of redundancy and other measures that
cannot be duplicated in typical offices.
“We cannot provide the same environment that
Applied can provide for us. Whether that’s data
security, reliability, the cost of maintaining the
servers or doing upgrades for us, the Applied
environment is much more robust than what we
could do on our own.”
JOHN GAGE
Systems Administrator
Knight Insurance Group

When choosing a data center option, be sure it
measures up to these standards:
>> 99.9% uptime
>> Tier 3+ facility, as defined by the Uptime Institute
>> AES-256 data-at-rest encryption (DARE)
>> 128-bit, bi-directional, packet-level encryption
>> Regular auditing against SSAE16 SOC 2 standards
>> Automatic antivirus and software updates
>> Site redundancy for backup
>> Built-in firewall and intrusion prevention system
>> Nightly backups
>> Automatic download of agency data
Maintaining critical business information in a
secure data center provides an extra layer of
data protection. In addition, your business benefits
from implementing more efficient data
management and data access processes.
Often, with a cloud-based system,
applications and supporting software
update automatically, so your business
continually runs the latest software
versions without incurring delays or extra
expenses that may be required for manual updates.

CHAPTER 4: PROVIDE THE BEST DATA PROTECTION
For insurance agencies, client data is one of your
most valuable assets. When physical damage
occurs affecting your business and clients in the
area, you must respond. Servers and tapes can
be damaged, but in the cloud, the data is safe and
accessible. Consider data security as part of your
business continuity plan.

Any number of problems can compromise agency
data, from theft of sensitive customer information to
natural disasters and cyber attacks. Online solutions
can assist in mitigating risks and keeping your agency
up and running should your business operations be
interrupted. Physical and electronic security deliver
data protection beyond what any individual agency
can offer, as well as providing minimal downtime
due to scheduled upgrades. If your agency’s internal
computers or offices become inaccessible, online
solutions are readily available from any secure
Internet connection.

CHAPTER 5: DATA SECURITY BEST PRACTICES
There are a number of precautions you can take
to ensure better data security. Your agency cannot
afford to take chances with security. If your company’s
data is lost, the cost to recover or recreate it can be
insurmountable. When developing a data security
plan, remember these best practices.

Encrypt your data – Encrypting data helps to
prevent the accidental loss of sensitive or protected
information, including data classified as personally
identifiable information (PII). A Secure Sockets Layer (SSL)
certificate is also important to secure your site, encrypting
the communication between the user and the website. For
secure remote access, you should also set up virtual private
network (VPN) security measures to standardize security
software across your agency.
Leverage network-based security hardware and software –
Use firewalls, gateway antivirus, intrusion detection devices,
honey pots and monitoring to screen for denial-of-service
(DoS) attacks, virus signatures, unauthorized intrusion, port
scans, and other “over the network” attacks and attempts at
security breaches.
Protect outbound data – Transport Layer Security (TLS) email
encryption should be used for outbound emails, especially
when emailing sensitive information. Data loss prevention
(DLP) is a strategy for making sure that end users do not send
sensitive or critical information outside the corporate network.
Consider creating a DLP strategy at your agency.
Secure your technology against viruses and malware – It is
important to run antivirus software on your computing assets,
such as desktops, laptops and tablets. Programs can be run at
regular intervals to scan for viruses. It’s critical to continue to
patch your operating systems and all third-party software, as
well as keep your antivirus software up to date.
Vulnerability management – Periodic vulnerability
assessments evaluate the effectiveness of security control
solutions. You should conduct periodic vulnerability
assessments of critical systems, those systems exposed
on the Internet, or as determined by legal, regulatory or
compliance requirements. This includes running internal and
external vulnerability scans often.
Educate your users – It is essential to create a culture of
security and ensure all employees are aware of the data
security plan. Encourage them to create strong passwords
that are frequently changed. Staff should remember to always
log out of the system when away from their computer and be
careful about connecting to unauthorized Wi-Fi networks.

Data security should be a part
of every business strategy and
technology program. By following
these best practices, you are
taking steps to safeguard your
data and your business’ reputation.
Learn more about the cloud and
data security and discover how
Applied can be your data
security partner.