7 Cloud Security Mistakes Bound To Bite You

7 Main Cloud Security Mistakes 

Like sharks off the coast of North Carolina this summer, information security threats are lurking. And now that cloud computing is woven into the fabric of IT everywhere, specific risks to an enterprise’s data apply.

Cloud computing is to IT what Shark Week is to summertime: a cultural feeding frenzy. In a nod to the annual TV chomp-fest, Perspecsys presents the Seven Cloud Security Mistakes Bound to Bite You.

But taking basic precautions – whether at the beach or on the job – can help keep you and your data safe, respectively.

1. Relinquishing control of your most sensitive data to a cloud service provider

Just as swimmers are at the mercy of the ocean, using public cloud services equates to turning control of your data – even the sensitive and regulated data – over to cloud Service Providers.

Safety tip: For users: adhere to IT and security policies set by your organization when signing up for cloud services for business use. For organizations: Get familiar with data-centric security tools that work in and outside the company’s walls, in particular, cloud data encryption and tokenization.

sensitive-data

2. Not knowing where your data is hanging out

There are some beaches were you know you should not be going into the water. In the same vein, knowing the physical locations of where your data is being processed and stored will keep you on the right side of data-residency regulations that have a painful bite if they are violated.

Safety tip: Make sure you understand where you cloud provider’s primary and back-up datacenters are located. Take time to investigate the prevailing legal requirements in all of these jurisdictions regarding data privacy. Look to technologies such as cloud data tokenization to keep data resident in specific locations if data residency issues are challenging your cloud adoption program.

3. Not reading the fine print

When you sign up for cloud apps, you agree to the associated terms and conditions. This is like going full Hasselhoff with disregard for beach warning signs, since the policies and standards your organization adheres to regarding the treatment of data are likely not shared by the cloud service provider.

Safety tip: Insist on contractual clauses, which require that data maintained by your service providers be treated in certain ways. For example, if regulated data such as patient information is placed in third party cloud systems, additional safeguards may need to be put in place to ensure it is adequately protected.

4. Using weak passwords

Weak passwords are like a three-sided shark cage. Cyber criminals can swim right through your defenses. The top 100 passwords people use haven’t changed over the years, according to Researcher Mark Burnett who released 10 million passwords collected from data breaches over the past decade.

Safety tip: Use different passwords for different services and change your passwords frequently.

5. Believing passwords are enough

Letting passwords lull you into a false sense of security is like thinking you’re safe by swimming in a group, but not knowing there’s a colony of seals a few feet away. Shark and cyber attacks are both on the rise in 2015 as the number of bites and breaches continue to climb. The good news is that awareness is rising that even a strong password isn’t enough to keep data safe and savvy professionals are putting multiple layers of defense in place.

Safety tip: Strong multi-factor authentication is necessary to keep the network and cloud applications secure. Also use techniques like data encryption and tokenization to minimize the number of systems where data flows to in the “clear”, thereby minimizing the points where cyber criminals can get their hands on anything meaningful.

6. Not backing up your data

Boating without a life raft isn’t a high percentage move in the event of an accident. If anything, the famous U.S.S. Indianapolis speech from Jaws will make you want to always have a back up ride to shore. Make sure your cloud provider allows you to make local backups of your data too. This isn’t always possible with some of the big consumer cloud services, so be sure to ask.

Safety tip: Having backups of your data is always a good idea whether it is stored in the cloud or not. Using more than one cloud service minimizes the risk of widespread data loss or downtime due to a localized component failure.

7. Poor planning leaves you in a bind

If only Quint had listened to Chief Brody and went back to shore to get a bigger boat, perhaps he would have survived! As with most things in life, incorporating new data points into your plans can help keep you afloat. As you consider your cloud adoption programs, stay abreast of impending changes that can impact your cloud use, such as data privacy regulations that have been getting increasingly strict over the past year.

Safety tip: Map out the “life” of your cloud data. Pay attention to what countries it flows through and where it gets processed and stored. Identify if the movement of your data to any of these countries creates potential compliance or regulatory issues for you – either now or in the future – and take proactive steps to address the problem before it is too late.

By David Canellos

David is President and CEO of Perspecsys. Previously, David was SVP of Sales and Marketing at Irdeto Worldwide, a division of Naspers. Prior to that, David was the President and COO of Cloakware, which was acquired by Irdeto. Before joining Cloakware, David was the General Manager and Vice President of Sales for Cramer Systems (now Amdocs), a UK-based company, where he was responsible for the company’s revenue and operations in the Americas. 

MIT
Smart Manufacturing Startups AI and machine learning's potential to drive greater visibility, control, and insight across shop floors while monitoring machines and processes in real-time continue to attract venture capital. $62 billion is now invested ...
Cloud Image Migration
Effective Cloud Migration Monitoring The global pandemic witnessed the digital transformation of businesses in the cloud.  Today, even as the world resumes to normal, the end-to-end innovation in business strategies has kept the momentum going ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...
Louis
Real-time Enterprise Software Data Enterprise software startups are capitalizing on real-time data to continually improve revenue, costs, cash flow, marketing, and sales as their business grows. The majority of software startup CEOs spoken with have ...
Dana Gardner
Low-code Development Has Entered a Maturity Spurt Closing the gap between the applications and services a company needs -- and the ones they can actually produce -- has long been a missing keystone for attaining ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.