Three steps to an effective cloud security strategyBy Charles CooperDeploying to the cloud without a plan or an overall approach could leave you worse off than if you had simply stayed with the \u2014 increasingly antiquated \u2014 dedicated data center model. In fact, a piecemeal strategy might actually lead to gaps in an organization\u2019s defense that didn\u2019t previously exist.When it comes to threat management, the success of your cloud deployment depends on coordinated actions that will integrate a cloud strategy with your overall cybersecurity posture. In particular, security experts argue on behalf of a multilayered approach to keep cloud data safe.1. Layer in layered securityDeploy private connectivity instead of a regular internet pathway to a cloud provider\u2019s network. At the same time, protect all of your mobile endpoints with anti-virus and anti-malware applications. Lastly, add EMM (enterprise mobility management) to track and disarm mobile devices that get stolen or lost.Encrypt stored data so that valuable information won\u2019t wind up in the wrong hands in the event of a breach. Also encrypt data whenever it\u2019s on the move and subject to risks from packet sniffing programs and other interception tactics used by malicious hackers.Monitor data usage closely. In the absence of a rigorous identification and authentication process, IT will have little idea which users are accessing which cloud resources. A cloud access security broker can help with cloud security both in terms of setting policy and monitoring what\u2019s going on and how data is being accessed.And take advantage of the technology to add levels of security for different types of data that your organization stores on the cloud. Make it as hard as possible for attackers to get their hands on what they want most.2. Data privacy\u00a0 Confusion about how to balance data privacy with regulatory considerations can lead to no shortage of headaches.For instance, local laws in some states mandate that companies encrypt backups. That begs the question of who should be responsible for taking care of the backups and the encryption in a cloud environment.Also, when it comes to compliance, play it safe; don\u2019t collect more than the minimum amount of personal information necessary. In case of a data breach, notify customers immediately to avoid legal fallout later on.3. Hold your cloud provider\u2019s feet to the fireYou need to be clear about spelling out the accountability of your cloud service provider. The provider should be prepared to do its part, but you need to hold them responsible in order to ensure that your data is secured when breaches occur.Also, find out what they will do to make sure attackers can\u2019t cross from another environment to corrupt or otherwise imperil your data. Similarly, if someone else gets hacked, how will the provider assure customers that nobody will be able to access your environment.None of this will offer ironclad guarantees that your cloud won\u2019t get breached at some point. But it will put you ahead of the game and leave you well-prepared to mitigate the damage if and when that day of decision ever does arise.Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.