Top Threats to Cloud Computing #3: Malicious Insiders
“Keys retained, enterprising employee works late into the night (well, at least until The Boss has gone home) then goes into the server room and pulls out The Big Book Of Passwords. Enterprising employee then proceeds to delete the account with the cloud computing provider, taking out the e-mail (along with many other things). 10 years worth of company e-mail nullified with a keystroke.”
Sound familiar? We’ve heard this story and many other tales of disgruntled employees all too often, and cloud computing is no exception. Besides scrutinizing your employees’ every move (which might make happy employees join the disgruntled), what can you do to make sure their access is appropriately restricted and quickly revocable if necessary?
- Control the access. It’s common sense that no employee should have the level of access necessary to nuke your entire cloud computing system. Make sure there are checks and balances in place and that sensitive information is accessible only to those who truly need it in order to be able to do their job properly.
- Make sure it’s easy to revoke access to sensitive information at a moment’s notice, especially on mobile devices. Google offers the ability to remotely wipe mobile devices, and more companies are following suit. Check into these solutions sooner rather than later.
- Have a good BYOD policy implemented, explained and signed off on by the entire organization. Make sure employees understand what they can and cannot access via mobile devices, how they should access it, and keep data security in mind when granting access mobile access to your company’s data. There are good tips on writing your company’s BYOD policy here.
It’s unpleasant to think that someone in your midst might be collecting a paycheck and planning to repay you with malice. But it does happen. Taking measures to protect yourself doesn’t mean you don’t trust your employees; after all, you may be a terrific driver, but you still buy car insurance. Take measures to insure that your employees can’t ruin you – you might be saving both parties a lot of stress later.