Data Security and the Cloud


TABLE OF CONTENTS

CHAPTER 1: DATA SECURITY: TOO IMPORTANT TO IGNORE

CHAPTER 2: HOW DOES THE CLOUD KEEP MY DATA SAFE?

CHAPTER 3: TAKE ADVANTAGE OF DATA CENTERS

CHAPTER 4: PROVIDE THE BEST DATA PROTECTION

CHAPTER 5: DATA SECURITY BEST PRACTICES

D A T A S E C U R I T Y A N D T H E C L O U D

EXECUTIVE SUMMARY


Today, stories of major data breaches have dominated the media, from Target and Home Depot credit card theft to health record hacking at Anthem. In this era of Big Data, financial and personal information becomes a target, with information sold to the highest bidder. Companies that fail to protect themselves lose money, customers and their reputation. For all industries, data security is a critical component of business strategy and health. You must consider data security if any of your employees are physically connected to the Internet or other public data networks, regardless of size and scope of operations. Leveraging the cloud to integrate the latest security technology is one way to ensure your business receives high-level data protection. This ebook provides an overview of data security and best practices you can employ to keep your data safe.


Data security refers to protective digital privacy measures that are applied to prevent unauthorized access to information assets such as computers, databases and websites. With the proliferation of digital data, it’s a top concern and priority for businesses of all sizes, in all industries. Take into consideration these facts about data security:

> Roughly 55% of small businesses have experienced a security breach [1]

> 30% of cyber attacks are aimed at small companies [2]

> In 2014, the average cost of a data breach to a company was $3.5 million, which is 15% more than what it cost in 2013 [3]

> A laptop is stolen every 53 seconds in the U.S. [4]


DATA SECURITY: TOO IMPORTANT TO IGNORE CHAPTER 1

[1] 2013 Small Business Security Survey. National Small Business Association. 2013.

[2] Internet Security Threat Report 2014. Symantec Corporation. 2014.

[3] 2014 Cost of Data Breach Study: Global Analysis. Ponemon Institute. May 2014.

[4] Stuart, Keith. Having your laptop stolen is traumatic. The Guardian. January 2015.

[5] 2014 Cost of Data Breach Study: Global Analysis. Ponemon Institute. May 2014.

[6] Data Breach: Is Your Business at Risk? Commercial Risk Insurance.

If a cyber attack or breach occurs at your agency, consider the financial impact. For every record stolen, companies stand to lose up to $188 per record. [5] While financial loss can eventually be regained, loss of reputation and customer loyalty can be permanent. Four in 10 customers will consider leaving a company if their information is lost or stolen. [6] It’s also critical to protect your clients’ personal and financial information for compliance with various data protection laws. As a trusted advisor, your client relationships go beyond just risk management services you provide; your clients expect you to safeguard their personal information and privacy. You cannot afford to be unprotected.

HOW DOES THE CLOUD KEEP MY DATA SAFE? CHAPTER 2

At the most basic level, the cloud is a delivery mechanism for IT services over a network, allowing you to receive information technology such as applications, data and security as a service. Traditionally, many businesses, including agencies, purchase hardware and software, and operate it themselves or with the help of an outside company. The cloud provides an alternative option, and represents a shift from the traditional way in which agents view IT. More and more companies are running some or all of their critical business applications in the cloud, and enabling clients to connect with them online. In almost all cases, client data is just as safe or safer in the cloud than in in-house agency systems. In fact, most data breaches involve on-premises data center environments.


So how does the cloud environment work? The cloud environment includes secure data centers that control computing operations. These remotely-accessed centers are home to the servers that host software and process, store and protect data. Data and applications remain centralized in the data center facility while users operate in a virtual atmosphere through a wired or wireless Internet connection. With the cloud, there is no longer a need to store or back up data to removable media such as flash drives or CDs that can be lost or stolen.

In an online environment, information can be accessed on a laptop, tablet computer or smartphone anytime, anywhere an Internet connection is available. Users have more access through more devices in more locations. This kind of 24/7 on-demand service is a central component and provides a significant advantage.

Most insurance agents do not have the resources, expertise, time or money to match what data centers provide. Besides providing data security, data centers themselves are physically secure sites, staffed 24/7 with additional monitoring through video surveillance. These strict security standards require levels of redundancy and other measures that cannot be duplicated in typical offices.

TAKE ADVANTAGE OF DATA CENTERS CHAPTER 3


“We cannot provide the same environment that Applied can provide for us. Whether that’s data security, reliability, the cost of maintaining the servers or doing upgrades for us, the Applied environment is much more robust than what we could do on our own.”

JOHN GAGE, Systems Administrator, Knight Insurance Group


When choosing a data center option, be sure it measures up to these standards:

> 99.9% uptime

> Tier 3+ facility, as defined by the Uptime Institute

> AES-256 data-at-rest encryption (DARE)

> 128-bit, bi-directional, packet-level encryption

> Regular auditing against SSAE16 SOC 2 standards

> Automatic antivirus and software updates

> Site redundancy for backup

> Built-in firewall and intrusion prevention system

> Nightly backups

> Automatic download of agency data

Maintaining critical business information in a secure data center provides an extra layer of data protection. In addition, your business benefits from implementing more efficient data management and data access processes. Often, with a cloud-based system, applications and supporting software update automatically, so your business continually runs the latest software versions without incurring delays or extra expenses that may be required for manual updates.


For insurance agencies, one of your most valuable assets is your client data. When physical damage occurs affecting your business and clients in the area, you must respond. Servers and tapes can be damaged, but in the cloud, the data is safe and accessible. Consider data security as part of your business continuity plan.

Any number of problems can compromise agency data, from theft of sensitive customer information, to natural disasters and cyber attacks. Online solutions can assist in mitigating risks and keeping your agency up and running should your business operations be interrupted. Physical and electronic security deliver data protection beyond what any individual agency can offer, as well as providing minimal downtime due to scheduled upgrades. If your agency’s internal computers or offices become inaccessible, online solutions are readily available from any secure Internet connection.

PROVIDE THE BEST DATA PROTECTION CHAPTER 4


There are a number of precautions you can take to ensure better data security. Your agency cannot afford to take chances with security. If your company’s data is lost, the cost to recover or recreate it can be insurmountable. When developing a data security plan, remember these best practices.

DATA SECURITY BEST PRACTICES CHAPTER 5


> Encrypt your data – Encrypting data helps to prevent the accidental loss of sensitive or protected information, including data classified as personally identifiable information (PII). A Secure Sockets Layer (SSL) certificate is also important to secure your site, encrypting the communication between the user and the website. For secure remote access, you should also set up virtual private network (VPN) security measures to standardize security software across your agency.

> Leverage network-based security hardware and software – Use firewalls, gateway antivirus, intrusion detection devices, honey pots and monitoring to screen for denial-of-service (DoS) attacks, virus signatures, unauthorized intrusion, port scans, and other “over the network” attacks and attempts at security breaches.

Data security should be a part of every business strategy and technology program. By following these best practices, you are taking steps to safeguard your data and your business’ reputation. Learn more about the cloud and data security and discover how Applied can be your data security partner.


> Protect outbound data – Transport Layer Security (TLS) email encryption should be used for outbound emails, especially when emailing sensitive information. Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. Consider creating a DLP strategy at your agency.

> Secure your technology against viruses and malware – It is important to run antivirus software on your computing assets, such as desktops, laptops and tablets. Programs can be run at regular intervals to scan for viruses. It’s critical to continue to patch your operating systems and all third party software, as well as keep your antivirus software up to date.

> Vulnerability management – Periodic vulnerability assessments evaluate the effectiveness of security control solutions. You should conduct periodic vulnerability assessments of critical systems, those systems exposed on the Internet, or as determined by legal, regulatory or compliance requirements. This includes running internal and external vulnerability scans often.

> Educate your users – It is essential to create a culture of security and ensure all employees are aware of the data security plan. Encourage them to create strong passwords that are frequently changed. Staff should remember to always log out of the system when away from their computer and be careful when selecting unauthorized Wi-Fi networks.

This eBook was prepared by Applied Systems, Inc.

About Applied Systems

Applied Systems is a leading provider of software that powers the business of insurance. Applied is recognized as a pioneer in agency and brokerage management systems and data exchange between agencies, brokers, carriers and their clients. Automating the insurance lifecycle for more than 140,000 insurance professionals, 12,000 agencies and brokerages, and 350 carriers worldwide, Applied enables millions of people around the world to safeguard and protect what matters most.

©2015 Applied Systems, Inc. All rights reserved. This document is provided for information purposes only. It is intended to give timely, but general, information on the subject matter covered herein, and the contents of this document are subject to change without notice. Prior results and case studies mentioned in this document do not guarantee a similar outcome on any particular situation in the future. You should consult with an attorney or other professional service provider with respect to how the matters discussed herein affect and relate to your own business affairs. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether express or implied. Applied Systems and its affiliates specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. Any statements made herein are not a commitment to deliver any material, code or functionality, and should not be relied upon in making purchasing decisions, except as provided for in a separate software license agreement. The development, release, timing and availability of any products, features or functionality described herein remain at the sole discretion of Applied Systems and its affiliates. All other names of products and published works identified herein may be the trademarks or otherwise proprietary material of their respective owner.

Applied Systems, Inc. 200 Applied Parkway University Park, IL 60484 800.999.5368

For more information visit appliedsystems.com

CONTRIBUTORS
