Hosting your software tools on the cloud makes your business efficient and can decrease your cost of operations. Migrating to the cloud has some potential risks that need to be managed in order to prevent a loss of revenue and customer trust. In this blog, we will discuss three key risks of cloud hosting and risk management strategies for each of these risks.
Data breaches happen very often due to poor security hygiene in the underlying software environment. They also happen due to improper or missing controls for safeguarding the data itself.
How can Codefactori prevent potential data breaches?
- Securing data in transit: Using SSL/TLS to encrypt data in transit is an established best practice, but we also make sure that we meet up-to-date standards to earn an “A” grade, e.g.: https://www.ssllabs.com/ssltest/analyze.html?d=jira.addteq.com&hideResults=on
- Software patches: Staying patched is necessary to mitigate exploits that may lead to system compromise and data exfiltration. Cloud-based software operations require ensuring that the full stack is patched for known critical vulnerabilities, ranging from the underlying hypervisor all the way to CVEs in the applications themselves. Codefactori ensures all critical vulnerabilities are patched within a 24-48 hour period, including co-ordination with our customers.
- Shared responsibility model: Codefactori believes in a shared responsibility model with our customers in terms of controls and policies for minimizing the chances of data breaches. Some of our customers have restrictions such as ensuring Codefactori hosted applications are accessible only via their corporate network and meeting certain compliance standards for the hosting environment. Codefactori works with our customers to ensure these requirements are met not only for initial onboarding but on an ongoing basis.
Security risk due to human error
Human errors may arguably be the biggest security risks, since they can defeat strict software and network policies and controls.
How can Codefactori help manage risks associated with human errors?
- Multi-factor authentication: We enable customers to deploy their multi-factor authentication system of choice for accessing Codefactori hosted applications. The Codefactori staff utilizes similar best practices for securing infrastructure access.
- Social engineering mitigation: Codefactori requires customers to provide named contacts who are authorized to make billing and support requests, in order to reduce the effectiveness of social engineering attempts.
Codefactori has a very extensive backup policy for all hosted applications and customer data. We perform frequent incremental backups that are encrypted and even go as far as ensuring redundancy at the level of multiple hosting providers. We routinely exceed the backup requirements most of our customers have as part of their standard policy. Disaster recovery exercises and automated monitoring ensure the integrity of the backup.