7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps

Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They are so easy to start using that consumers rarely think twice about setting up an account or downloading a new app.

Regardless of whether you acknowledge it, cloud usage incurs risk to your personal information. The data breaches in the news have much worse repercussions than just the need to reset your password. Cloud usage from your phone or computer may expose your data to criminal hackers who sell the information on the black market, or Darkweb.

cloud-security-tips

Of course, no one advocates for avoiding cloud use altogether – an attitude analogous to keeping money safe (but idle) under your mattress. Cloud services enable a brave new world of productivity and convenience, and consumers and businesses should take full advantage of these benefits. At the same time, you should be aware of common threats and take steps to minimize the risk that a wrong click leads to a fraudulent charge call with your credit card company.

A recent trend in the cybersecurity industry has removed the “blame” of security failures from technology users and shifted the focus to making security easy. With that in mind, there are simple choices people make online that affect the likelihood of becoming a victim to cybercrime. You don’t have to be a security engineer to beat the vast majority of hacking attempts.

Take heed of these common cyber security pitfalls:

1. Misstep: You lost control of your data because of the fine print in a user agreement. Solution: Many cloud services claim ownership of any uploaded data, even after you delete your account. These tricky rules are hidden in plain sight in the terms and conditions. Companies don’t expect you to read all the fine print, and I don’t either. 15 seconds of online research can go a long way before using a new cloud service. Google, “_______ shady user agreement.”

2. Misstep: You sent out a public link to a Google Doc so others could view and edit.

Solution: Creating a public link is a convenient way to share a common document, but this means literally anyone who guesses the link can view the document. You may not care about your grocery list getting loose on the internet, but even documents like a party-planning sheet may have your address or other information you want to keep private. To restrict access, invite email addresses instead.

3. Misstep: You’re a celebrity and had private information leaked from your iCloud.

Solution: This is the famous celebrity nude photo catastrophe. Attackers correctly entered their victims’ passwords, either by brute force (multiple guessing attempts) or with previously stolen passwords. You may not be a famous model, but hackers commonly rely on this same method to steal information from any given application.

iCloud, the service provider in this case, is not necessarily insecure, since attackers gained access in the same way the account owners do. It’s the user’s responsibility to confirm their identity, and sometimes a password alone doesn’t suffice. Multi-factor authentication can almost always prevent this type of attack and is a key measure for any service with sensitive information. You can follow these directions to set up two-factor verification for iCloud.

AloneTime(FP)-02

4. Misstep: You use the same password for every app on your phone.

Solution: The previous tip discussed how attackers can gain access to your sensitive information by guessing or using a stolen password. Don’t make it easy for them! If you use the same password for all online services, a breach at Twitter may give attackers entrance into your bank, Amazon, and corporate email accounts. Use a password manager to minimize the damage in the event a single service gets breached.

5. Misstep: Web trackers are storing information on the sites you visit online.

Solution: Just like any hunter, knowing where you like to go online helps hackers target and execute attacks. Visiting just a few web pages can attract nearly 50 different tracking services. Many web trackers are useful for the services you use, but they can also pose a security and privacy liability. Services like Ghostery let you selectively choose who can track you, so only sites you trust receive your information.

6. Misstep: You granted an application every permission under the sun.

Solution: Applications request authorization for device permissions, but sometimes these can overstep boundaries. Be discerning when services seem to overstep their bounds by requesting access to contacts or even your camera, for example. These permissions can cost you money by making phone calls, violate privacy, or make a malicious attack more dangerous. Look out for permissions that seem unnecessary for the application’s function.

7. Misstep: A small mobile app startup you know nothing about has access to your banking data.

Solution: Your bank spends hundreds of millions of dollars on protecting your account, but that brand new financial app may not implement the same level of security. When you give a service full access to your financial information, you’re essentially circumventing your bank’s security. Keep your bank account secure by applying the tips above to any financial app you use. You should also limit access to only the necessary services, some of which ask for more permissions. A good rule of thumb is to be extra discerning of any service that requires you to enter your online banking password within the app. On the other hand, services that send you back to your banking app to authenticate don’t have as much control.

The Bottom Line: Don’t be afraid of the cloud. On the contrary, the typical user is probably better off storing even sensitive information in the cloud. The human is almost always the weak link in security. Cloud services are designed to be easy to use, security features included. When you store data in the cloud, someone can’t get your information just by stealing your computer or phone. And it’s a lot easier to implement multi-factor authentication and encryption on a cloud service than on your own personal device. Plus, you get to take advantage of all the convenience and mobility of cloud. So enjoy those apps, but take a few extra minutes to reduce the risk that a cybercriminal will ruin your week.

By Harold Byun

About Harold Byun

Harold is currently VP of Product Management at Skyhigh Networks. Prior to Skyhigh, he worked at MobileIron where he focused on mobile application delivery and security. Prior to MobileIron, he led the product management group at Zenprise (acquired by Citrix), where he launched their mobile DLP product and cloud offering to market. He also worked with the Vontu/Symantec DLP group and is the co-inventor on a patent filed for security risk visualization and scoring.

Find out more
View All Articles

Sorry, comments are closed for this post.

Are You SURE You Are Ready For The Cloud?: Financial

Are You SURE You Are Ready For The Cloud?: Financial

Are You Cloud Ready: Financial In my previous article, I discussed several different points about moving to the cloud. A lot of companies do it for many reasons, but the majority of them in my experience normally come down to two major reasons: 1) Financial 2) Security of business. The security tab isn’t the same…

What Forecasts Of Data Breaches Should Spell To Cloud Security Practitioners

What Forecasts Of Data Breaches Should Spell To Cloud Security Practitioners

Cloud Security Practitioners And Auditors Today we have seen relatively few data breaches in the cloud despite its growing use for mission-critical workloads. However, as cloud increasingly becomes the backend for our mobile devices, for the Internet of Things (IoT) and for other daily life functions, we can safely predict that hackers will set their…

Are You Sure You’re Ready For The Cloud?: Connectivity

Are You Sure You’re Ready For The Cloud?: Connectivity

Cloud Connectivity Many times when we think of “cloud” we think of the elastic compute and storage, but we forget one very important thing, connectivity. Even though connectivity is no part of the cloud itself, it does have a direct bearing on how we access it, use it, and play around with it. If our…

The Importance Of Cloud Password Management

The Importance Of Cloud Password Management

Cloud Password Management A very obvious trend over the past few years has been organizations moving their business applications to the cloud. This trend has been talked about over and over again, including the benefits, drawbacks, implementation hurdles, etc. So what is the next step or advancement in cloud hosted applications? The next step is…

Cloud Pricing: What In The End Am I Actually Paying For?

Cloud Pricing: What In The End Am I Actually Paying For?

Cloud Pricing: What In The End Am I Actually Paying For? I’ve been blogging about this concept now for a while. What is the cost of a cloud solution and what in the end am I actually paying for? I know I am not the only person considering this as I’ve seen any number of articles…

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones from Apple, Samsung and HTC (Sponsored post courtesy of Verizon Wireless) The launch of the Galaxy S7 Edge at the Mobile World Congress in Barcelona during February was the first shot in a vintage year for mobile phones. The S7 is an incredible piece of hardware, but launches from HTC and Apple later in the…

Featured Sponsored Articles
How Successful Businesses Ensure Quality Team Communication

How Successful Businesses Ensure Quality Team Communication

Quality Team Communication  (Sponsored post courtesy of Hubgets) Successful team communication and collaboration are as vital to project and overall business success as the quality of products and services an organization develops. We rely on a host of business tools to ensure appropriate customer interactions, sound product manufacturing, and smooth back-end operations. However, the interpersonal relationships…

Featured Sponsored Articles
How To Develop A Business Continuity Plan Using Internet Performance Management

How To Develop A Business Continuity Plan Using Internet Performance Management

Internet Performance Management Planning CDN Performance Series Provided By Dyn In our previous post, we laid out the problems of business continuity and Internet Performance Management in today’s online environment.  In this article, we will take a look at some of the ways you can use traffic steering capabilities to execute business continuity planning and…

Featured Sponsored Articles

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor