Current trends such as storing business-critical processes in the cloud and BYOD offer clear-cut advantages. But they also pose additional risks. Software AG has developed six business software recommendations that help enterprises close the security gaps associated with the cloud, mobile devices and constantly growing volumes of data.
Five years ago hardly any company cared about business software security. But this is changing as more and more software is being moved to the cloud. The cloud is more vulnerable to attacks.
By following these six steps, organizations can significantly increase the security of their data and business software without missing out on the advantages of the cloud:
- 1. Pay attention to security evaluations
More and more software vendors are testing their products for security loopholes. Users should therefore be aware of security evaluations by specialized security testing companies (e.g. Veracode), or have software tested by an outside party.
- 2. Check the risks of open-source components with databases
Enterprise software architectures consist of many components from different vendors and/or open-source modules. Organizations should inform themselves in advance about their business software components using public databases that list the risks of open-source modules.
- 3. Separate data by relevance
When dealing with sensitive data, it is generally advisable to consider whether or not cloud storage is the right option. Providers of business software from the cloud usually define the interfaces, which users should then configure individually. This way, only non-critical data is connected to the Internet. Additionally, cloud operators can be held accountable, since ultimately they are liable for the security of the stored data.
- 4. Encrypt critical data
As a rule, companies should encrypt critical data before moving it to the public cloud. But this means that the data cannot be modified in the cloud, because it would have to be decrypted there to do so, which would defeat the purpose of encrypting it in the first place. Critical business data should therefore not be modified with business software from the public cloud.
- 5. Protect mobile devices
Mobile devices pose security risks to companies because preconfigured settings (not the user) decide whether an app connects to the Internet, which exposes data to possible attacks. Users should protect themselves by employing services that divide the device into two security zones, virtually turning the smart device into two separate devices. Apps can be installed in the public, non-secure private zone, but not in the business zone. This secured area has a hardened operating system and is where critical data should be stored.
- 6. Have a security response plan in place
Organizations should have a security response plan in place in the event of an emergency. The plan must define exactly how to respond if an attack takes place. This is the only way an organization can act quickly and effectively and keep damage to an absolute minimum.