Five Simple Security Practices to Keep Your Hedge Fund's Cloud Safe

Feeling like you don’t have any control over security in the cloud? Think again. The truth is whether you’re managing your IT in-house or working with a third-party cloud services provider, there are a number of steps you can take to ensure your data and information remains safe in a cloud environment.
 
And I’m not talking about architecting an advanced cloud infrastructure. Here are five simple security practices you can employ to keep your firm’s information protected.

1. Patch applications such as Adobe PDF viewer, Adobe Flash Player, Microsoft Office and Java. Using the latest versions of these applications – and patching within two days – will help to prevent high-risk vulnerabilities. The same goes for your operating system.

2. Minimize the number of users with domain or local administrative privileges. Such users should use a separate unprivileged account for email and web browsing.

3. Employ application white-listing to help prevent malicious software and other unapproved programs from running. Examples are Microsoft Software Restriction Policies or AppLocker.

4. Use a host-based intrusion detection/prevention system to identify anomalous behavior, such as process injection, keystroke logging, driver loading and call hooking.

5. Provide user education regarding Internet threats and spear phishing socially engineered emails. Avoid using weak passwords, password re-use, exposing email addresses, and use of unapproved USB devices.

To learn more about cloud security, revisit these Hedge IT articles:

• Doing Your Cloud Homework: Answering Legal, Tech & Security Qs

• Extra, Extra! Cloud Security Alliance Releases New Guidance