RANSOMWARE TRACKING MAPS

Recent problems experienced with Ransomware are evident from infections, which have occurred in 99 countries including China and Russia. The organization that was worst hit by the attack was the National Health Service in England. It was reported that there was a WannaCry programme that demanded...

Cloud Storage Security Controls

Cloud Storage Security

Cloud Storage Security

Ask anyone who has fought in a war and they will tell you it’s an experience you can’t emulate. Many people have seen the eyes of their enemies as they fight. But what happens when your enemy is a thousand miles away, yet has all the information they need to know about you; location, strength, response time etc.

The world is run on information. Little 1’s and 0’s sent to the right place can do a lot more damage sometimes than any gun. And it is becoming obvious that the information we keep on our computers is no longer as safe as we’d hope.

Take Cloud storage. This is a current buzzword for information storage, and quite an amazing thing it is too. Networked data centers which negate the need for hard drives and disc drives to a certain extent. Information available 24 hours a day, 7 days a week from any physical location with internet access.

Innovative? Yes. Convenient? Certainly. But how much trust to you put in a system that can be accessed anywhere, and by anyone given the right tools and talent?

People such as Joseph Thomas Colon were able to hack into a secure database (the FBI in this instance.) Is it really such as great idea to keep your files permanently online, transferring them to other servers without considering the security issues?

Before considering putting your information in Cloud storage, consider the levels of control that you will require. The dictionary definition of a security control is thus: ‘ …safeguards or countermeasures to avoid, counteract or minimize security risks.’

Here are 4 examples of such controls:

Deterrent

Ensure the storage has at least some form of warning system that can act as a deterrent to unlawful access.
This is the electronic equivalent of the sign you would put in your window that says “Warning: Guard Dog on Premises.”
Examples of these include:

  • Logon Warning – Ensure that a person is aware of the rights to enter your site or information storage.
  • Creation of appropriate access banner on entry pages
  • A deterrent control tries to stop malicious activity before it even begins.

Preventative

Ensure that any security issues have already been broached. By managing the vulnerable parts of the storage, damage can be limited.

One example of this would be the inclusion of a proxy server.

This can act as a ‘bouncer’ between your information and the person(s) wishing to access it. Requests for your information can pass through this server, reducing the risk of a security breach.

Corrective

These security issues can be resolved after an attack or damage has taken place. Real time security is important.

An example might include the changing of passwords and usernames as soon as you are alerted to the security breach. Another might be a limitation of the time spent on your Cloud storage, to minimize potential breaches.
The downside to corrective controls is that often, a breach must have taken place, allowing you to see where you need to plug the holes as it were, in your system security.

Detective

These controls will detect any unlawful users, slaving itself to the corrective and preventative controls to ensure a minimal amount of damage. This might include a complete listing of possible ‘what if…’ scenarios. Using a plan of development, you can often stop an attack before it begins.

An example might be hiring or yourself trying to unlawfully access your information in an attempt to test the defenses.

Try to keep these four controls in mind when requesting, using or accessing information in Cloud storage. By using one or all of these controls, you can really limit the potential damage that may occur when keeping your sensitive information completely online.

By Susie Francis

This post was written by Susie Francis a content writer for HANDD, the secure file transfer specialists. When Susie isn’t surfing the web and writing great content she likes to build things.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.

SYNDICATED NEWS SOURCES

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit to Help Cybersecurity Pros Securely Harness Cloud Technologies

By CloudBuzz | September 22, 2017

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit Research cites strengthening of cloud security skills top priority over next three years CLEARWATER, Fla. ,Sept. 22, 2017 /PRNewswire-USNewswire/ — (ISC)² today announced it’s partnering with the Cloud Security Alliance (CSA) for the CSA…

Exclusive: T-Mobile, Sprint close to agreeing deal terms – Sources

By CloudBuzz | September 22, 2017

(Reuters) – T-Mobile US Inc (TMUS.O) is close to agreeing tentative terms on a deal to merge with peer Sprint Corp (S.N), people familiar with the matter said, a major breakthrough in efforts to merge the third and fourth largest…

Hack of U.S. securities regulator rattles investors, stirs doubts

By CloudBuzz | September 21, 2017

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading. The incursion at the…

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

By CloudBuzz | September 21, 2017

Servers Expose Over 1 Billion Records As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making…

Thales Joins the Microsoft Enterprise Cloud Alliance

By CloudBuzz | September 21, 2017

SAN JOSE, Calif., Sept. 21, 2017 /PRNewswire/ — Thales, a leader in critical information systems, cybersecurity and data security, is now a member of the Microsoft Enterprise Cloud Alliance (ECA). Designed to foster innovation and promote awareness of partner solutions, the ECA membership…

Addressing the UK NCSC’s Cloud Security Principles

By CloudBuzz | September 20, 2017

As your organization adopts more cloud services, it’s essential to get a clear picture of how sensitive data will be protected. Many authorities, from government regulators, to industry standards bodies and consortia, have provided guidance on how to evaluate cloud…