When it comes to selecting a cloud vs-premise intranet, the main difference to take into consideration is intranet security. This blog post discusses the three main concerns when it comes to intranet security, and with advice to mitigate these risks.
1. Be The One In Control Of Your Intranet Security
Storing sensitive information on a third party, an external platform such as a cloud; essentially means it’s on a giant shared drive alongside other data, instead of safely storing it on your own server. Ultimately you have no control over how secure your content is, especially if you have selected a multi-tenant cloud intranet. This is when you’re grouping your sensitive data with your provider’s other customers.
Cloud intranets are more vulnerable to hackers because “…With the cloud is that it simply expands the systemic vulnerabilities that have existed since the Internet was developed. The internet was built for redundancy, not security,” Will Donaldson, CEO of digital security firm nomx. Basically, the cloud technology is advancing at a faster pace than the security measures are to keep your intranet secure.
Solution 1: On-Premise Intranet
Storing information in an intranet that’s on-premise minimizes this risk by storing in on your own server, where you’re able to control your own security measures.
But what if you’re among the growing companies whose workforce is working remotely, how do those off-site users gain access to the intranet?
The best solution is a VPN; though they come with their own set of challenges as well. Challenges such as speed, price, trust, and data retention policies. Any time you take security controls out of your own hands you need to trust that the provider will be able to ward off a security threat and stick to their word about retention of user data. Usually, as long as you don’t go with the cheap new VPN service that has no reviews and has only been around for a day, you’ll do fine.
Solution 2: Private Cloud Intranet
If mobile is very important, you still need a cloud software, try a private cloud. It’s significantly more secure than a multi-tenant cloud intranet, allows you to launch in days, and doesn’t require any IT resources. Private cloud intranet means that your data is safely stored on its own server, as opposed to sharing the space with your provider’s other customers.
2. Network Security Breach
Whether it’s through spam, phishing, spyware, or malware, external hackers are ubiquitous and both the employees and employer must take appropriate measures to ensure your private data stays that way.
Often it’s assumed that employees are the culprits for network vulnerability. However, the organization itself may not have configured their network properly, use security tools that don’t support its purpose or have created, implemented and enforced their own security politics without consulting an expert. To circumvent the risk of an intranet security breach, ensure you are communicating effectively to your employees about the importance of intranet security, update firewalls and anti-virus software, and work with support teams to ensure networks are configured properly.
In May 2017 the WannaCry malware successfully executed the worst cyber-attack in history crippled over 230,000 computers in 150 countries, including organizations as large as the NHS (National Health Service) in the U.K., all the way down to personal computers. Other more prominent companies that have been hacked recently include:
- The White House Staff Gmail (Sept, 2016)
- MailChimp (Nov, 2016),
- Yahoo (Dec, 2016)
- The infamous Ashley Madison hack in 2015, a dating site for married individuals seeking extramarital affairs. 32 million people were exposed, including their names, passwords, addresses, as well as their financial information and transactions.
The benefit of having an on-premise intranet means you are in control of your own network security. Should you have any concerns regarding configuration or security, our on-premise intranet has technical support and maintenance standing by to assist.
3. Internal Risks
With any number of people accessing a network, there is always a risk of human error or disgruntled employees. A few internal risks include:
- Weak Passwords – using passwords like ‘password’ is like leaving your intranet showing up to work with nothing but socks on. Have a little decency here, and cover up your valuable information. And don’t write your password on a sticky note on your monitor!
- Unauthorized Access – make sure you set permission levels to sensitive information to avoid unauthorized users from accessing it.
- Remote Access – if employees are accessing the intranet from their personal devices, ensure they are up to date with their anti-virus and firewall software. Accessing cloud intranet on public 3G, 4G or Wi-Fi networks leaves the information extremely susceptible to hackers. Accessing on-premise intranet remotely through at VPN is significantly more secure.
- Disgruntled or recently terminated employees leaking information.
Initiate a few safety precautions to alleviate these risks. Expire passwords every 60 days. Add automatic time-outs. Prevent logins from saving on the devices. Remove login information from employees as soon as they leave the company.
Choosing between a cloud vs on-premise intranet is a big decision. Make sure you do extensive research before deciding between the two, but if intranet security is a priority, on-premise intranet is the best way to go. Once your intranet is set up on your server, ensure you take the following steps to keep your content secure:
- Be cognizant of today’s network security risks
- Use caution with social networking sites as they are often gateways to viruses (use internal communication software instead)
- Apply security controls
- Keep a firewall up to date
- Implement and monitor a security policy
- Train employees on intranet security
If you have any questions on cloud vs on-premise intranet security, feel free to leave a comment below!