7 Common Cloud Security Missteps

Advertise on CloudTweaks

Cloud Security Missteps

Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They are so easy to start using that consumers rarely think twice about setting up an account or downloading a new app.

Regardless of whether you acknowledge it, cloud usage incurs risk to your personal information. The data breaches in the news have much worse repercussions than just the need to reset your password. Cloud usage from your phone or computer may expose your data to criminal hackers who sell the information on the black market, or Darkweb.

cloud-security-tips

Of course, no one advocates for avoiding cloud use altogether – an attitude analogous to keeping money safe (but idle) under your mattress. Cloud services enable a brave new world of productivity and convenience, and consumers and businesses should take full advantage of these benefits. At the same time, you should be aware of common threats and take steps to minimize the risk that a wrong click leads to a fraudulent charge call with your credit card company.

A recent trend in the cybersecurity industry has removed the “blame” of security failures from technology users and shifted the focus to making security easy. With that in mind, there are simple choices people make online that affect the likelihood of becoming a victim to cybercrime. You don’t have to be a security engineer to beat the vast majority of hacking attempts.

Take heed of these common cyber security pitfalls:

1. Misstep: You lost control of your data because of the fine print in a user agreement. Solution: Many cloud services claim ownership of any uploaded data, even after you delete your account. These tricky rules are hidden in plain sight in the terms and conditions. Companies don’t expect you to read all the fine print, and I don’t either. 15 seconds of online research can go a long way before using a new cloud service. Google, “_______ shady user agreement.”

2. Misstep: You sent out a public link to a Google Doc so others could view and edit.

Solution: Creating a public link is a convenient way to share a common document, but this means literally anyone who guesses the link can view the document. You may not care about your grocery list getting loose on the internet, but even documents like a party-planning sheet may have your address or other information you want to keep private. To restrict access, invite email addresses instead.

3. Misstep: You’re a celebrity and had private information leaked from your iCloud.

Solution: This is the famous celebrity nude photo catastrophe. Attackers correctly entered their victims’ passwords, either by brute force (multiple guessing attempts) or with previously stolen passwords. You may not be a famous model, but hackers commonly rely on this same method to steal information from any given application.

iCloud, the service provider in this case, is not necessarily insecure, since attackers gained access in the same way the account owners do. It’s the user’s responsibility to confirm their identity, and sometimes a password alone doesn’t suffice. Multi-factor authentication can almost always prevent this type of attack and is a key measure for any service with sensitive information. You can follow these directions to set up two-factor verification for iCloud.

AloneTime(FP)-02

4. Misstep: You use the same password for every app on your phone.

Solution: The previous tip discussed how attackers can gain access to your sensitive information by guessing or using a stolen password. Don’t make it easy for them! If you use the same password for all online services, a breach at Twitter may give attackers entrance into your bank, Amazon, and corporate email accounts. Use a password manager to minimize the damage in the event a single service gets breached.

5. Misstep: Web trackers are storing information on the sites you visit online.

Solution: Just like any hunter, knowing where you like to go online helps hackers target and execute attacks. Visiting just a few web pages can attract nearly 50 different tracking services. Many web trackers are useful for the services you use, but they can also pose a security and privacy liability. Services like Ghostery let you selectively choose who can track you, so only sites you trust receive your information.

6. Misstep: You granted an application every permission under the sun.

Solution: Applications request authorization for device permissions, but sometimes these can overstep boundaries. Be discerning when services seem to overstep their bounds by requesting access to contacts or even your camera, for example. These permissions can cost you money by making phone calls, violate privacy, or make a malicious attack more dangerous. Look out for permissions that seem unnecessary for the application’s function.

7. Misstep: A small mobile app startup you know nothing about has access to your banking data.

Solution: Your bank spends hundreds of millions of dollars on protecting your account, but that brand new financial app may not implement the same level of security. When you give a service full access to your financial information, you’re essentially circumventing your bank’s security. Keep your bank account secure by applying the tips above to any financial app you use. You should also limit access to only the necessary services, some of which ask for more permissions. A good rule of thumb is to be extra discerning of any service that requires you to enter your online banking password within the app. On the other hand, services that send you back to your banking app to authenticate don’t have as much control.

The Bottom Line: Don’t be afraid of the cloud. On the contrary, the typical user is probably better off storing even sensitive information in the cloud. The human is almost always the weak link in security. Cloud services are designed to be easy to use, security features included. When you store data in the cloud, someone can’t get your information just by stealing your computer or phone. And it’s a lot easier to implement multi-factor authentication and encryption on a cloud service than on your own personal device. Plus, you get to take advantage of all the convenience and mobility of cloud. So enjoy those apps, but take a few extra minutes to reduce the risk that a cybercriminal will ruin your week.

By Harold Byun

Harold Byun

Harold is currently VP of Product Management at Skyhigh Networks. Prior to Skyhigh, he worked at MobileIron where he focused on mobile application delivery and security. Prior to MobileIron, he led the product management group at Zenprise (acquired by Citrix), where he launched their mobile DLP product and cloud offering to market. He also worked with the Vontu/Symantec DLP group and is the co-inventor on a patent filed for security risk visualization and scoring.

View Website

Something went wrong. Please check your entries and try again.

CONTRIBUTORS

Using Cloud Analytics To Improve Customer Experience

Using Cloud Analytics To Improve Customer Experience

Evolution of Cloud Analytics Moving data to the cloud, once considered a strenuous task, has now become commonplace in most ...
Follow the Lead: 5 Data Security Tips Small Businesses Should Mimic From Larger Enterprises

Follow the Lead: 5 Data Security Tips Small Businesses Should Mimic From Larger Enterprises

Data Security Tips Small Businesses Should Mimic As more and more companies begin to switch to the cloud, cyber attacks ...
Four Cloud Security Mega Trends

Four Cloud Security Mega Trends

Cloud Security Trends Last year was a big year for the cloud. Cloud adoption continued to grow at a rapid ...
The Growing Complexity with IoT, Cloud and the Edge

The Growing Complexity with IoT, Cloud and the Edge

IoT, Cloud and the Edge The convergence of the Internet of Things (IoT), edge, and cloud has changed how enterprises ...
Five Compelling Ways To Use Salesforce Campaigns

Five Compelling Ways To Use Salesforce Campaigns

Salesforce Campaigns Salesforce, commonly known as “The World’s Favorite CRM Software” builds business software on a subscription basis. CRM stands ...
The Coming of Cloud Ended the AI Winter

The Coming of Cloud Ended the AI Winter

The Coming of Cloud Use Alexa, Siri, or Google Home? They are AI’s – Artifical Intelligences. Today, AI is in ...
Disaster Recovery Planning Should Be Non-negotiable For Every Business

Disaster Recovery Planning Should Be Non-negotiable For Every Business

Disaster Recovery Planning In today’s competitive business environment, being unable to service your customers needs can spell the end of ...
Open APIs Alone Won’t Change Banking

Open APIs Alone Won’t Change Banking

Open Banking API's Most people think of banks as one monolithic entity, but they are actually made up of hundreds ...

NEWS

Treacherous 12: Top Threats to Cloud Computing + Industry Insights

Treacherous 12: Top Threats to Cloud Computing + Industry Insights

Top Threats to Cloud Computing SEATTLE, Oct. 20, 2017 /PRNewswire/ -- The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining ...
New IDC Spending Guide Forecasts Nearly $120 Billion in Worldwide Spending on Security Products and Services in 2021

New IDC Spending Guide Forecasts Nearly $120 Billion in Worldwide Spending on Security Products and Services in 2021

FRAMINGHAM, Mass., October 19, 2017 – Worldwide spending on security-related hardware, software, and services is forecast to reach $119.9 billion in ...
Toyota to test self-driving, talking cars by about 2020

Toyota to test self-driving, talking cars by about 2020

TOKYO (Reuters) - Toyota Motor Corp (7203.T) on Monday said it would begin testing self-driving electric cars around 2020, which ...

NEWSLETTER SUBSCRIBE

CloudTweaks has been a prominent influence covering cloud technologies since 2009. We have worked and continue to work with a tremendous number of writers, contributors and partners throughout the world – all of whom provide insights into the cloud business community. This information is provided to our Newsletter subscribers on a weekly basis - free of charge.

Subscribe to recieve our weekly collection of Best of Thought leadership, Technology news, Tweaks, Curated resource links, Excluisve promotions and our popular Comic series.

JOIN US

Something went wrong. Please check your entries and try again.