Cloud-based storage options make it convenient for all of your employees to access data, but how do you keep it both easy to access and safe?
More than 500 million people are using public cloud storage services such as Dropbox to share and exchange files. They’re convenient and easy to use, but their openness can undermine existing IT policies when sharing confidential data.
Many dental practices take a restrictive approach by applying web filtering to block access to web storage providers or by applying application controls to prevent cloud storage applications from being installed. This article focuses on applying data encryption everywhere to enable users to manage access to the cloud without placing data or the practice at risk.
Data is everywhere
Cloud storage services like Dropbox (which boasts more than 175 million users), Egnyte, Google Drive or Microsoft’s OneDrive are useful tools that let people access their files from anywhere and on any device. These services are also flexible, scalable and easy to deploy. As an SaaS (software-as-a-service) delivered application, it’s easy to update and available to anyone who needs to access it. However, by making that data more accessible, it also makes it more easily exposed to cyber criminals.
Today’s users are working everywhere, so you need to make sure your data protection works everywhere too. Data already flows across more devices, over more infrastructure and is accessed by more users than ever before. It’s constantly changing hands. In fact, your users may already be using the public cloud without your knowledge or approval.
As a result, a traditional system-based approach to securing your network’s perimeter isn’t enough. You need to make data the new perimeter and secure wherever it flows, whether it’s stored internally, in the public cloud or accessed from mobile devices.
When you think about security in the cloud, you should think about what that means for your business data by asking yourself the following questions:
• How are you managing password complexity for your users’ various cloud storage accounts?
• Are you taking measures to restrict users’ access to data that should never be stored in the public cloud in the first place? (HIPAA comes into play here.)
• Are your files being transferred to public cloud services unencrypted?
• Do you have written policies in place to ensure employees are unable to download a cloud storage service client to their desktops?
Data isn’t static. It grows, changes and influences the arc of your practice’s success today and well into the future. Data requires security, protection and confidentiality. It’s also meant to be shared with employees, partners, management, consultants and others invested in the performance of your business.
The increased use of smartphones and tablet PCs represents a major shift in the way people collaborate. If you provide your staff with such devices, or allow them to use their own as part of your “Bring Your Own Device” (BYOD) policy, it opens up a wealth of opportunities for increased employee comfort and productivity.
It’s widely acknowledged that data and intellectual property are among the most valuable assets for most businesses today, so protecting its security, integrity and confidentiality is a critical priority. It also enables its value and competitive advantage.
Ultimately, it’s about enablement. The practice needs the information, and to serve that need the information must be widely accessible and applied to create value. Too much security may result in a lost opportunity while too little can result in lost leads.
Take nothing for granted. As long as there’s data ready to be accessed and shared, there are external services available to help your users do just that. In trying to do their jobs and to enhance productivity, users may find it easier to overlook what they believe to be overly restrictive procedures that inhibit rather than follow best security practices.
Dental practices should take a hard look at how they’re utilizing cloud services and how they will affect their compliance with HIPAA rules and regulations.