By Chris Brandow, Invision Partner
Wait. Doesn’t my cloud provider handle all the security I need to protect my data?
A cloud service provider does protect your data to a certain extent. But the majority of the burden to secure your data falls on you, not your provider. Prior to choosing a cloud service, some business owners spend hours and hours researching whether a cloud provider is secure, only to realize later that they were wasting their time. Why? Threats change and evolve daily.
The Cloud Security Alliance (CSA) knows that decision makers need information about what kinds of threats they should expect when moving their company’s data to the cloud. After all, migrating critical assets to the cloud is a very important decision and one that should be made with a thorough understanding of what it entails. Therefore, the Alliance offers a download called Top Threats to Cloud Computing Plus: Industry Insights. It helps make sense of what one should expect when venturing into the cloud.
The report delves into 21 topics, and I won’t go into depth on each one. However, the highlights are worth discussing. Keep in mind that the most important takeaway is that your data wasn’t at as much risk on your own private cloud as it will be in the cloud. Why? As far as attackers are concerned, hacking individual businesses is too much work for too little reward. But a cloud that holds the data of a bunch of businesses represents a juicy cloud-cornucopia of information that makes it worth the work. It’s the price of doing business: moving to the cloud makes you an unintentional target. Nothing against the cloud.
Now on to the list of the top threats you need to know before moving to and keeping your data in the cloud.
1. You’re not too small to experience a big data breach.
The biggest threat of having data in the cloud is a data breach, according to the CSA. This would include, but is not limited to, information not intended for public viewing, such as personal, financial or medical information, trade secrets, etc. Data breaches aren’t new to cloud-based data storage, but they are certainly a very big concern among its users.
2. IAM causing trouble.
IAM (Identity and Access Management) is account control, policy enforcement, and credential management all rolled into one. This can be bundled in with the account hijacking that is farther down the list of top threats. Basically, if you have poor passwords protecting your accounts and one of them gets compromised, your data is in danger. Your users are also in danger, since a hacker can change web pages or internal spreadsheets to incorporate malicious code that will compromise your computers as well as your data.
3. When everything is shared, maintaining privacy is difficult.
Shared technology/system vulnerabilities can create an opening in the infrastructure that hosts a multitude of companies. Even though each company may be separated by software running on the hardware, the hardware itself shares memory and caches. These can be compromised and inadvertently give access to all data housed in the OS or hardware technology. Some hosting companies separate the live data from publicly visible data with cached systems to help prevent this type of breach, but if hackers have access at the hardware level, they can hop from system to system to get data.
4. Data loss happens.
Let’s face it, data loss happens. It doesn’t have to be malicious in nature to happen either. The cloud host could accidentally delete your data or there could be a disaster that destroys your data. Unless proper offsite backups outside the cloud provider’s facility are done on a regular basis, your data could be gone forever. Cloud providers need disaster recovery procedures in place should this scenario occur.
5. Expect a problem with 1-800-Dig-Wrong.
Going with cloud-hosted data storage exposes your business to one type of unavoidable and commonplace risk: an internet outage. When Joey Backhoe digs up the lines down the block and chops through a thousand pairs of fiber cables, it takes a while to repair them. While the crew is frantically splicing the lines back together, you cannot get to any of your internet-hosted data. With an internal private cloud, your internet would be out, but your internal users would still be able to do everything they needed to with your data safely on your network.
Worried About Cloud Security?
You can’t possibly prevent all attacks. But keeping an eye on your data is paramount to cloud security and to minimizing the damage hackers can do. With Invision keeping track of your data and usage, even if an attack happens, you can minimize the time the hacker is in your system, which is crucial to keeping control of it. Using cloud computing can be really beneficial to a company; for example, it means that you can use a system like this third-party risk management system for your business. You just need to make sure someone is watching so you know when a threat happens and are ready to stop it.