Two years ago, I wrote an article for a Nuclear publication about Cloud technology, and if it was right for the nuclear sector. The original article can be found at the bottom of this blog.
I revisited this article because technology moves so quickly now, I wanted to see if the advice given then still stands today.
The 6 best practices discussed are still a must for all Cloud and IT environments:
- Data Location – Do you know where your data is? Do you know who has access to it?
- Encryption – Encryption is a must for ALL business devices now, including data in the cloud. This reduces the risk if your IT is compromised.
- Password Policies – Password policies will always be important, and the complexity will need to increase as the threats get smarter.
- Staff Training – Still one of the biggest areas businesses neglect within an organisation, their people. Education about threats and preventative action is a must today.
- Staff Policies & Documentation – Like the staff training, documentation and procedures are key to allow staff to follow safe practices.
- Personal Device Management / BYOD Policies – As technology in the home advances, so does the knowledge of the ‘standard user’. Users will want to bring their device into the office more and more, so a BYOD (Bring your own device) solution and policy will support security, access to the cloud and keep data safe.
What else can I do to secure my Cloud Data?
With today’s threats, strong passwords and policies aren’t enough. To improve data security and access to cloud services businesses should now adopt ‘2FA’ (two factor authentication) as a minimum standard.
2FA is a process of needing 2 items before being granted access. Very often its 1) Something you have (like a dongle or 2FA app) and something you know (Like a password).
By utilising 2FA to access your Cloud environment and data you increase the security immensely.
Should a Nuclear company use a Private Cloud or a Public Cloud?
This answer is different for each business depending on the level of data security they require.
A private cloud is usually a data centre environment segmented solely for the use of the business and is NOT on a shared platform. Often classed as more secure.
A Public cloud is a shared cloud environment – For example Microsoft AZURE or Amazon AWS.
A lot of the major public clouds can now offer area specific hosting. For example, they can locate your data to ‘UK only’, ‘Europe’ or ‘USA’. This allows you to comply with certain regulations in your industry.
For increased security and improved auditability, a private cloud is great as you can show the infrastructure is dedicated and private to you and your business.
Is Office 365 ok to use for the Nuclear sector?
If you would have asked me this question 2+ years ago, I would have said no. However, the answer today would be ‘It depends on the requirement’.
Office 365 have made some big leaps in terms of tools and security, and they can now offer UK ONLY hosted data with 2FA access.
If your data isn’t ‘sensitive’ then Office 365 should be a consideration, especially for the Exchange email services and Microsoft TEAMS that come with many of the Office 365 packages.
ORIGINAL ARTICLE:
IS THE ‘CLOUD’ RIGHT FOR THE NUCLEAR INDUSTRY?
IMPLEMENTING DATA MANAGEMENT PROTOCOLS SHOULD BE CONSIDERED A MATTER OF NECESSITY FOR ANY BUSINESS WITHIN THE NUCLEAR SECTOR, PARTICULARLY WHEN LOOKING TO USE CLOUD TECHNOLOGY, AS EXTRA VIGILANCE IS REQUIRED. BUT WHY IS IT SO IMPORTANT AND HOW DO WE IMPLEMENT IT CORRECTLY?
In this recent article from Nuclear Connect Magazine Michael Douglass, Director at Yellowbus Solutions Ltd, discusses the safety of using ‘cloud technology’ and guides us through some best practice methods for companies to keep their data secure.
HOW DOES ‘CLOUD TECHNOLOGY’ WORK FOR THE NUCLEAR INDUSTRY?
A cloud network is a collection of remote servers hosted on the internet to record, store and manage data, as opposed to holding data on local servers. In today’s increasingly mobile world, cloud networks have become progressively popular, offering instant access to data from locations all around the world.
WHAT BENEFITS ARE THERE TO HOSTING YOUR DATA IN THE ‘CLOUD’?
Cloud technology offers a number of benefits, but mainly, it provides authorised personnel access to data anywhere and anytime, offering flexibility, increased collaboration and improved monitoring.
Implementing centralised encryption and backups translates to better security, data loss prevention and easier disaster recovery which can be extremely beneficial throughout the data lifecycle.
WHAT ARE THE RISKS OF A CLOUD NETWORK AND IS IT SECURE?
Implementing the right security protocols and controlling who has access to data means that using a cloud infrastructure can be very safe, however, as cloud network access proliferates throughout the industry, the degree of risk also increases. This can include insider threat, cyber-attacks, and data tampering from competitors and the media. Therefore, it is important that data is managed with a set of security policies that will protect legal records and sensitive data from these risks.
WHAT PROTOCOL SHOULD I FOLLOW TO ENSURE DATA IS SECURE?
For best practice, you should abide by these 6 ways to safeguard your cloud network as a minimum;
- Know where your data is – With so many cloud technologies and hosting providers, do you really know where your data is kept? Ensure you do thorough research into the provider, their security levels, and exactly where your data and backups will reside. This will allow for compliance if your company or clients require data to remain somewhere specific, such as only within the UK or Europe.
- Encrypt your data – This will limit traceability as the data will be recoded into another form which can only be understood by authorised parties. By encrypting the Cloud platform used, sensitive emails, hard-drives, and all removable data, you will have peace of mind should there be any disruption.
- Implement password policies – On average, a basic 9 character password will take just 7 milliseconds to crack, but by simply adding a capital letter and a special character, you can increase this to 14 years. Although hackers are continuously getting smarter, you can stay one step ahead by regularly updating all your passwords and always incorporating a range of characters.
- Regulate social engineering - Occasionally, staff are the easiest way into a network due to careless actions such as opening unfamiliar links in emails, giving details over the phone and leaving written documentation in unsecure places. This naivety can be addressed by putting a staff policy in place that will educate your employees on how to reduce risk and avoid security breaches.
- User Training – Ensure current and new employees are fully aware and trained on security issues and how to avoid potential breaches. This should include best practice methods such as not posting information on social media and regularly updating individual passwords.
- Personal device protection – Often, companies operate on a ‘bring your own device’ (BYOD) system and therefore it is vital these devices are protected when they are linked to your network. This should include password and anti-virus protection as a minimum and should enable remote tracking and system wiping to reduce risk if the device becomes lost or stolen.
The bottom line is that the fast-growing nuclear sector requires the very best in data management. Although there will always be risk, with managed IT services, security and support, this can be prevented. It is highly recommended that you complete regular audits to confirm the protection and whereabouts of your data.
As highly reputable suppliers to the nuclear industry and specialists in data management, the team at Yellowbus Solutions Ltd are able to answer any of your questions on this topic. You can contact Michael Douglass directly and in confidence on 01925 838386 or by email to michael.douglass@yellowbus.uk
For further information about Yellowbus Solutions Ltd, and their services within the nuclear sector, please visit www.yellowbus.uk
