harold-byun

7 Common Cloud Security Missteps

Cloud Security Missteps

Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They are so easy to start using that consumers rarely think twice about setting up an account or downloading a new app.

Regardless of whether you acknowledge it, cloud usage incurs risk to your personal information. The data breaches in the news have much worse repercussions than just the need to reset your password. Cloud usage from your phone or computer may expose your data to criminal hackers who sell the information on the black market, or Darkweb.

cloud-security-tips

Of course, no one advocates for avoiding cloud use altogether – an attitude analogous to keeping money safe (but idle) under your mattress. Cloud services enable a brave new world of productivity and convenience, and consumers and businesses should take full advantage of these benefits. At the same time, you should be aware of common threats and take steps to minimize the risk that a wrong click leads to a fraudulent charge call with your credit card company.

A recent trend in the cybersecurity industry has removed the “blame” of security failures from technology users and shifted the focus to making security easy. With that in mind, there are simple choices people make online that affect the likelihood of becoming a victim to cybercrime. You don’t have to be a security engineer to beat the vast majority of hacking attempts.

Take heed of these common cyber security pitfalls:

1. Misstep: You lost control of your data because of the fine print in a user agreement. Solution: Many cloud services claim ownership of any uploaded data, even after you delete your account. These tricky rules are hidden in plain sight in the terms and conditions. Companies don’t expect you to read all the fine print, and I don’t either. 15 seconds of online research can go a long way before using a new cloud service. Google, “_______ shady user agreement.”

2. Misstep: You sent out a public link to a Google Doc so others could view and edit.

Solution: Creating a public link is a convenient way to share a common document, but this means literally anyone who guesses the link can view the document. You may not care about your grocery list getting loose on the internet, but even documents like a party-planning sheet may have your address or other information you want to keep private. To restrict access, invite email addresses instead.

3. Misstep: You’re a celebrity and had private information leaked from your iCloud.

Solution: This is the famous celebrity nude photo catastrophe. Attackers correctly entered their victims’ passwords, either by brute force (multiple guessing attempts) or with previously stolen passwords. You may not be a famous model, but hackers commonly rely on this same method to steal information from any given application.

iCloud, the service provider in this case, is not necessarily insecure, since attackers gained access in the same way the account owners do. It’s the user’s responsibility to confirm their identity, and sometimes a password alone doesn’t suffice. Multi-factor authentication can almost always prevent this type of attack and is a key measure for any service with sensitive information. You can follow these directions to set up two-factor verification for iCloud.

AloneTime(FP)-02

4. Misstep: You use the same password for every app on your phone.

Solution: The previous tip discussed how attackers can gain access to your sensitive information by guessing or using a stolen password. Don’t make it easy for them! If you use the same password for all online services, a breach at Twitter may give attackers entrance into your bank, Amazon, and corporate email accounts. Use a password manager to minimize the damage in the event a single service gets breached.

5. Misstep: Web trackers are storing information on the sites you visit online.

Solution: Just like any hunter, knowing where you like to go online helps hackers target and execute attacks. Visiting just a few web pages can attract nearly 50 different tracking services. Many web trackers are useful for the services you use, but they can also pose a security and privacy liability. Services like Ghostery let you selectively choose who can track you, so only sites you trust receive your information.

6. Misstep: You granted an application every permission under the sun.

Solution: Applications request authorization for device permissions, but sometimes these can overstep boundaries. Be discerning when services seem to overstep their bounds by requesting access to contacts or even your camera, for example. These permissions can cost you money by making phone calls, violate privacy, or make a malicious attack more dangerous. Look out for permissions that seem unnecessary for the application’s function.

7. Misstep: A small mobile app startup you know nothing about has access to your banking data.

Solution: Your bank spends hundreds of millions of dollars on protecting your account, but that brand new financial app may not implement the same level of security. When you give a service full access to your financial information, you’re essentially circumventing your bank’s security. Keep your bank account secure by applying the tips above to any financial app you use. You should also limit access to only the necessary services, some of which ask for more permissions. A good rule of thumb is to be extra discerning of any service that requires you to enter your online banking password within the app. On the other hand, services that send you back to your banking app to authenticate don’t have as much control.

The Bottom Line: Don’t be afraid of the cloud. On the contrary, the typical user is probably better off storing even sensitive information in the cloud. The human is almost always the weak link in security. Cloud services are designed to be easy to use, security features included. When you store data in the cloud, someone can’t get your information just by stealing your computer or phone. And it’s a lot easier to implement multi-factor authentication and encryption on a cloud service than on your own personal device. Plus, you get to take advantage of all the convenience and mobility of cloud. So enjoy those apps, but take a few extra minutes to reduce the risk that a cybercriminal will ruin your week.

By Harold Byun

Harold Byun

Harold is currently VP of Product Management at Skyhigh Networks. Prior to Skyhigh, he worked at MobileIron where he focused on mobile application delivery and security. Prior to MobileIron, he led the product management group at Zenprise (acquired by Citrix), where he launched their mobile DLP product and cloud offering to market. He also worked with the Vontu/Symantec DLP group and is the co-inventor on a patent filed for security risk visualization and scoring.

View Website
RSA Conference: FUD-free or filled?

RSA Conference: FUD-free or filled?

IoT 15 Billion Units By 2021 At the annual RSA conference, there were plenty of discussions and presentations on the evolving cybersecurity threat landscape, including application security issues, the internet of things (IoT) and data ...
How artificial intelligence and analytics helps in crime prevention

How artificial intelligence and analytics helps in crime prevention

How Artificial Intelligence Helps Crime Prevention According to a study released by FBI, there is an annual increase of 4.1% in violent crimes and 7.4% in motor-vehicle thefts in the United States in 2016. Despite ...
Technology Certification Courses

Top Five Technology Certification Courses To Choose From In 2018

Technology Certification Courses Gartner predicts that the global public cloud services market is projected to grow by 55 percent in the next three years and is expected to reach $383.3 billion by the end of 2020 ...
Secure Business Agility

Contrary to popular belief, a pro-privacy stance is good for business

Pro-Privacy Stance Right now privacy is a hot topic on LinkedIn posts, especially as it pertains to compliance with the General Data Protection Regulation. As a board advisor at Universal Patient Key, we've often talked about ...
5 Predictions for Data in the Cloud and Cloud Platforms

5 Predictions for Data in the Cloud and Cloud Platforms

5 Predictions for Data in the Cloud 2017 has proven to be a big year for migrating data to the cloud and cloud platforms: from Google to Microsoft and IBM to Oracle, enterprise organizations have ...
The Lighter Side Of The Cloud - Direct Reporting
The Lighter Side Of The Cloud - Techwear
The Lighter Side Of The Cloud - Without A Signal
The Lighter Side Of The Cloud - Whatever Happened To Alone Time?
The Lighter Side Of The Cloud - Passwords
The Lighter Side Of The Cloud - Dial-up Speeds
Comic
The Lighter Side Of The Cloud - iPatch
The Lighter Side Of The Cloud - Going Viral

CLOUDBUZZ NEWS

Getting to the How of Multicloud

Getting to the How of Multicloud

Customers are moving beyond thinking about what multicloud is, when it’s coming (it’s already here) or why it’s accelerating. At this point, we are in a new phase, where customers need to know how to navigate the complexity and power their next wave of ...
New Technology Partnership: SAP and the Mercedes EQ Formula E Team Power Up for the Future

New Technology Partnership: SAP and the Mercedes EQ Formula E Team Power Up for the Future

SAP and the Mercedes EQ Formula E Team Power Up WALLDORF — SAP SE (NYSE: SAP) today announced a new multiyear agreement with Mercedes-Benz to become the official business performance partner of the automaker’s Mercedes EQ Formula E ...
Sumo Logic and Partners to Host NYC DevOps Event with Dr. Nicole Forsgren

Sumo Logic and Partners to Host NYC DevOps Event with Dr. Nicole Forsgren

REDWOOD CITY, Calif., May 17, 2018 (GLOBE NEWSWIRE) -- Sumo Logic, the leading cloud-native, machine data analytics platform that delivers continuous intelligence, today announced it is hosting a DevOps industry event at the Eventi Hotel in New ...