When speaking about cloud technology, security often comes up as a concern. Especially as more and more businesses move their data and applications to the cloud. According to Jay Heiser, VP and cloud security lead at Gartner, “the volume of public cloud utilisation is growing rapidly, so that inevitably leads to a greater body of sensitive stuff that is potentially at risk”. Heiser asserts that the main responsibility for protecting corporate data in the cloud lies not only with the service provider but also with the cloud customer.
As such, when it comes to managing cloud security concerns, it’s important to know what the risks are and then come up with strategies to reduce these threats.
So, let’s start with understanding what cloud security threats are out there:
#1 Data breaches: When information that is not intended for public release – like personal health information, private financial information, personally identifiable information, trade secrets and intellectual property – is released.
#2 Poor identity control and access management: When malicious actors masquerade as legitimate users, operators or developers, allowing them to read, change and even delete data. Similarly, when attackers access a user’s credentials they can eavesdrop on activities and transactions, manipulate information and redirect people to sinister sites.
#3 System vulnerabilities: Attackers will exploit these vulnerabilities to infiltrate systems to take control and/or disrupt operations.
#4 Malicious insiders: When a person on the inside decides to use their access privileges to act in a sinister fashion putting sensitive information at risk.
#5 Data loss: Loss isn’t always due to a malicious attack. Data loss can occur when information is accidentally deleted by the cloud service provider or when a physical catastrophe, like a fire or earthquake, causes damage to the facilities where the data is being stored.
Now that we’ve outlined a few of the biggest cloud security risks, let’s move on to how to best mitigate these possibilities and ensure your information is kept safe at all times.
- Know what you’re responsible for: Cloud services aren’t all the same – with each come different levels of responsibility. As such, be sure to check with your provider that everyone understands who is in charge of which cloud security control.
- Putting control in access control: All of the major cloud providers offer identity and access control tools – use them. With these measures in place, you’ll always know who has access to what data and when.
- Actual protection: Many businesses make the mistake of leaving data unencrypted on the cloud. This is especially important if you decide to store highly sensitive data in the cloud. Where possible, maintain control of the encryption keys so that the ultimate responsibility of keeping the data safe lies in your hands.
- Improve visibility: Your cloud providers should offer some kind of monitoring tool. If you implement active security monitoring you can automatically see any unauthorised access attempts or other security related issues.
Let’s face it, data breaches and insider attacks are a real possibility and threat. When trying to mitigate these risks, you need to understand what you’re up against and then find the right partner to help you on your way. Every month we send out a newsletter with insights around all the latest trends and happenings in the tech space. To access these insights, subscribe below.
eBook - A roadmap to the cloud - Nebula