As we’ve seen on this website, cloud computing has an untold number of virtues. From improved portability to increased green credentials of the IT sector and from revolutionising industries to helping the disabled, it is undeniable that the cloud has radically altered our daily lives. Nonetheless, to assume that cloud computing comes without security risks would be both short-sighted and naïve.
Heartbleed, the NSA, WikiLeaks, cybercriminals, and hackers – the list of people who want to exploit your personal information is endless. Sadly complete technological security is difficult to achieve and most users leave their data open to exploitation by making themselves an easy target for the aforementioned groups. Although governments are trying hard to improve the cloud’s security with use of data protection and in-country servers, the reality is that problems will still occur.
We recently looked at reasons why SMEs should do their accounting in the cloud. Although we discovered a number of beneficial reasons, the nature of cloud computing still means that ultimately someone else is looking after your information in an offsite data centre.
That host has a huge amount of control over your information. They are responsible for all updates and have access to your data. Most importantly they are highly unlikely to be as rigorous or precautious with your data as you would be if you used your own onsite data centre. Make sure you choose your host wisely.
As hackers and cybercriminals become more prevalent we are seeing an increased incidence of data breaches occurring. These breaches can often lead to mass data loss, and in an ever-increasing world of compliance, legal liability, and business continuity that data loss will often result in lawsuits and extended court cases.
Companies are now being directly held to account for inadequate safeguards and lack of privacy protection. While these measures are undeniably expensive to implement, a drawn-out battle through the courts is infinitely more expensive. The recent data breach at Target, which saw up to 70 million customers have personal information and credit card details stolen, could end up costing the company as much as $1.1 billion in lawsuits and compensation claims from the banking industry.
Although less of a concern for small businesses, the threat of an employee stealing data for either personal gain or corporate humiliation is a very real danger for larger organisations. Some of the most serious recent breaches are a result of an ‘insider job’ – including the Vodafone breach of 2 million customers’ bank details and the now infamous theft of NSA data by Edward Snowden.
In both these examples the data was stolen by a person with access to a privileged user access. Once an employee gains access to a company’s cloud, everything from customer data to confidential information and intellectual property can easily be extracted.
The threat doesn’t end there. Small businesses who do not implement sufficient security could see a former employee with a grudge and a computer potentially delete the entire organisation’s cloud – a move which would have disastrous consequences for a company’s clients and its reputation.
What do you think are the biggest security challenges facing a business which uses the cloud?
By Daniel Price
