By Saimon Michelson, Field CTO, North America, CTERA
It’s Data Privacy Day - a day on the calendar where we are reminded to reinforce the best practices that will keep our enterprise data safe and secure. CTERA’s Field CTO, North America, Saimon Michelson, shared with us some tips to keep in mind when it comes to ensuring data safety.
1. Build high walls around data you store in the cloud:
- Generate and hold your own data encryption keys, so that no third party, not even your cloud provider, can access or control them. If the keys never leave your control, a compromise of the provider exposes only ciphertext, not your data.
- Understand the options for multi-cloud deployments and for a private cloud that can be fully deployed in your own datacenter, where critical assets can be stored.
2. Instill a secure "zero trust" culture internally
- Email security: Enable advanced phishing protection in user mailboxes and remind users regularly not to click on suspicious links in email.
- Patching VMs: Technical teams should take extra care to install security patches on virtual machines and cloud instances, focusing especially on Windows machines and Active Directory. If you run servers that have not been updated recently, run Windows Update now.
- Zero trust: Assume there are already malicious actors inside your network and do not treat the network itself as secure. Local networks, traditionally considered a "trusted haven" for storing data with lax internal isolation, have become dangerous places: threats that gain a foothold move laterally, attempting to steal or encrypt your data. Enforce the use of strong passwords and have users update them regularly, even on their own laptops.
3. Backup, backup, backup: There is no excuse for not backing up files. But not all backups are the same. Simply copying files to an external drive is not an effective data protection strategy. For secure and reliable protection, organisations should:
- retain at least one previous version of their files for a defined retention period (minimum of 30 days)
- keep these versions in a read-only repository that is physically separated from the main copy
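The following is an added illustration of the two backup properties above, not CTERA's code or anything the article ships. Each run copies the source tree into a new timestamped snapshot, marks the snapshot read-only, and pruning removes only snapshots older than the retention period while never dropping below two versions (the current one plus one previous). The directory layout, the timestamp format and the 0o444/0o555 permission bits are choices of this example, and file permissions are only a stand-in for a genuinely separated, immutable repository, which in practice means a different system or object storage with an immutability lock.

```python
"""Versioned, read-only backups with a minimum retention period (stdlib only, POSIX permissions)."""
from __future__ import annotations

import os
import shutil
import time
from datetime import datetime, timezone
from pathlib import Path

RETENTION_DAYS = 30   # minimum retention period recommended in the text
MIN_VERSIONS = 2      # newest copy plus at least one previous version
_FMT = "%Y%m%dT%H%M%SZ"  # snapshot directory name, e.g. 20231114T221320Z (example's own choice)


def _set_mode(root: Path, file_mode: int, dir_mode: int) -> None:
    """Apply permission bits to every file and directory under root, deepest entries first."""
    for p in sorted(root.rglob("*"), key=lambda q: len(q.parts), reverse=True):
        os.chmod(p, dir_mode if p.is_dir() else file_mode)
    os.chmod(root, dir_mode)


def snapshot(source: Path, repo: Path, now: float | None = None) -> Path:
    """Copy `source` into a new timestamped directory under `repo` and make it read-only.

    Two snapshots within the same second would collide on the name; callers that
    run more often than that should add a sequence number to the name.
    """
    now = time.time() if now is None else now
    dest = repo / datetime.fromtimestamp(now, timezone.utc).strftime(_FMT)
    shutil.copytree(source, dest)
    _set_mode(dest, 0o444, 0o555)  # read-only: a stand-in for an immutable (WORM) repository
    return dest


def snapshot_time(path: Path) -> float:
    """Recover the snapshot's creation time from its directory name."""
    return datetime.strptime(path.name, _FMT).replace(tzinfo=timezone.utc).timestamp()


def list_snapshots(repo: Path) -> list[Path]:
    """All snapshots in the repository, oldest first."""
    return sorted((p for p in repo.iterdir() if p.is_dir()), key=snapshot_time)


def prune(repo: Path, now: float | None = None,
          retention_days: int = RETENTION_DAYS, min_versions: int = MIN_VERSIONS) -> list[Path]:
    """Delete snapshots older than `retention_days`, but always keep the newest `min_versions`."""
    now = time.time() if now is None else now
    cutoff = now - retention_days * 86400
    snaps = list_snapshots(repo)
    candidates = snaps[:-min_versions] if min_versions else snaps
    removed: list[Path] = []
    for snap in candidates:
        if snapshot_time(snap) < cutoff:
            _set_mode(snap, 0o644, 0o755)  # lift read-only so the tree can be deleted
            shutil.rmtree(snap)
            removed.append(snap)
    return removed


if __name__ == "__main__":
    # Constructed demo: three versions of one file, taken 40 days ago, 10 days ago and now.
    import tempfile
    base = Path(tempfile.mkdtemp())
    src, repo = base / "data", base / "backup"
    src.mkdir(); repo.mkdir()
    t0, day = time.time(), 86400
    for age, content in ((40 * day, "v1"), (10 * day, "v2"), (0, "v3")):
        (src / "report.txt").write_text(content)
        snapshot(src, repo, now=t0 - age)
    print("before prune:", [p.name for p in list_snapshots(repo)])
    print("pruned:", [p.name for p in prune(repo, now=t0)])
    print("after prune:", [p.name for p in list_snapshots(repo)])
```

Running the demo removes only the 40-day-old snapshot; the 10-day-old version survives as the required previous copy. Note that the read-only bits do not stop a root process or the backup job's own credentials from deleting snapshots, which is exactly why the article asks for a separate, physically isolated repository.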
4. Question your IT providers: When choosing a new IT provider, organisations must ask specific questions to confirm that security was a priority during the engineering and design of the product. This has become particularly critical given the current landscape of massive ransomware and supply chain (e.g. SolarWinds) attacks. Ask your provider:
- Do they perform periodic security assessments by a third-party penetration testing lab to identify system vulnerabilities? If so, can you see the latest report?
- Have they implemented stringent supply chain security, using standards such as the Open Trusted Technology Provider Standard (O-TTPS)?
- Do they hold FIPS 140-2 (Federal Information Processing Standard) validation for their cryptographic modules?
- Are there references from customers to back up their expertise?
- Do they offer an SLA for the time between a vulnerability being discovered and a security patch being provided?
5. Secure your remote file access: Remote work has become the new normal, and providing fast data access to remote and home offices has become a top priority. Becoming more distributed creates higher demand for data protection. Whether you enable remote access via laptop, VDI, or the increasingly popular global file systems, ensure your preferred method respects corporate security policies and, even better, delivers consistent access control from any user device or location.
Saimon brings over 10 years of experience in IT, storage and cloud solutions. Saimon has held positions across several functions within CTERA, including product management, sales engineering and software development. Previously, Saimon designed software solutions for the IDF recruitment arm. He holds a BSc in Mathematics and Computer Science from Tel-Aviv University.