Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure?

Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that 64 percent of medium and large businesses believe cloud infrastructure is more secure than legacy systems.

What factors contribute to positive and negative impressions of cloud security? What should businesses do to protect their data better?

Fear of the Cloud Arises From Media and Lack of Knowledge

You cannot blame people for being worried about cloud security. Everyone remembers the Target and Home Depot breaches, which compromised tens of millions of customer credit card information, as well as the Apple iCloud hack that leaked private celebrity photos to the public. These incidents caused many major news outlets to question cloud security. However, the media forgot to mention that these three high-profile attacks did not have much to do with cloud computing.

Target allowed a third-party to access its network, and then hackers got ahold of that third party’s log in credentials. Home Depot was attacked in much the same way, with hackers stealing a vendor’s login, accessing the network, and then using custom malware to get around the company’s antivirus software.

Even large businesses have mixed feelings about security in the cloud, naming it both the number one benefit and most frequently encountered challenge.

Many recent data breaches have been reported incorrectly. … In most cases, it is human error, and the Cloud cannot protect you from that.” – Jason Reichl, CEO, Go Nimbly

Impressions of Cloud Security Remain Resilient

Despite these events, this year, 90 percent of enterprises plan to increase or maintain their annual spending on cloud computing. If cloud infrastructure were such a risk, businesses would not be investing in the platform at such high rates.

david-linthicumDavid Linthicum, Senior Vice President of Cloud Technology Partners, says to think about cloud security systems like this: is your money safer stuffed in a mattress at home where you have control of it or with your local bank? A bank, obviously, is better positioned to protect your money because they have a vault and security cameras and are insured. Likewise, a cloud service provider (CSP) is better positioned to protect your data because they invest in 24-7 monitoring, the best cyber security tools, and physical barriers, such as video surveillance and biometric scanning.

Unfortunately, cloud infrastructure security on its own, out-of-the-box, is not enough to safeguard your business’ crucial data.

Steps to Ensure Data Security in the Cloud

What steps should businesses take to ensure data security, when using cloud infrastructure?

Migrating to the cloud starts with selecting a CSP that fits your business’ needs. It is important to recognize that not all CSPs are equal.

In 2013, former Editor in Chief of Yahoo Tech Dan Tynan detailed his experience with Box. In particular, he talked about how all his Box files once disappeared for six months. Specifically, his login didn’t work and the company could not locate the account associated with his email. This means Tynan’s data was missing for half a year, which raises concerns about stolen information. Who had access to his data?

National Security Agency (NSA) whistleblower Edward Snowden also warned against relying on the security features of another popular cloud service, Dropbox.

Dropbox? Get rid of Dropbox. It doesn’t support encryption. It doesn’t protect your private files. Use competitors, like SpiderOak, that do the same exact service, but they protect the content of what you’re sharing,” Snowden said in a 2014 interview with the New Yorker.

Indeed, it is true: some CSPs are more secure than others. For example, the difference between Dropbox and SpiderOak is that Dropbox, as well as many other major CSPs, encrypts data on its own servers but does not encrypt data locally, leaving it vulnerable to attacks. Conversely, SpiderOak encrypts data on both your local servers and their personal servers, reducing the opportunity for a security breach.

Regardless of the CSP your business uses, additional local security measures, such as data encryption, improved identity access policies, and regular audits, will minimize the possibility of a costly cyber attack.

By Sarah Patrick

Mark Banfield
Implement A Seamless Customer Experience The need for digital interaction has never seemed more critical than it does today. As the coronavirus continues to spread, citizens around the world are being asked to hunker down ...
Martin Mendelsohn
The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...
Gilad David Maayan
What is SASE (Secure Access Service Edge)? SASE (Secure Access Service Edge) is a term coined by Gartner to refer to a new architecture for networking and security that combines both functions into a single, ...
Frank Suglia
Migrating Microsoft Office 2013 As of April 11, 2023, Microsoft will stop supporting Office 2013. The decision to end support for Office 2013 should come as no surprise. Over the past several years, Microsoft has ...
Rob Reinauer
The last few years have brought significant changes, adoption and innovation to the cloud space. As 2023 begins, there’s an opportunity to consider what’s in store for the year ahead. From hybrid and remote work ...
10 Leading Open Source Business Intelligence Tools
Open Source Business Intelligence Tools It’s impossible to take the right business decisions without having insightful information to back up the decision-making process. Open Source Business Intelligence Tools make it easier to have our raw ...
Stacey Farrar
Modern Auth and Exchange Online Migrations Microsoft has phased out Basic Authentication (Basic Auth), replacing it with Modern Authentication (Modern Auth) to provide increased protection and user security. Through this, Microsoft has turned off Basic ...
Sofia Jaramillo
Augmented Reality in Architecture Augmented reality (AR) is a growing field of study and application in the world of architecture. This useful tool can help us visualize architectural designs by superimposing them onto real-world scenes ...