Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure?

Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that 64 percent of medium and large businesses believe cloud infrastructure is more secure than legacy systems.

What factors contribute to positive and negative impressions of cloud security? What should businesses do to protect their data better?

Fear of the Cloud Arises From Media and Lack of Knowledge

You cannot blame people for being worried about cloud security. Everyone remembers the Target and Home Depot breaches, which compromised tens of millions of customer credit card information, as well as the Apple iCloud hack that leaked private celebrity photos to the public. These incidents caused many major news outlets to question cloud security. However, the media forgot to mention that these three high-profile attacks did not have much to do with cloud computing.

Target allowed a third-party to access its network, and then hackers got ahold of that third party’s log in credentials. Home Depot was attacked in much the same way, with hackers stealing a vendor’s login, accessing the network, and then using custom malware to get around the company’s antivirus software.

Even large businesses have mixed feelings about security in the cloud, naming it both the number one benefit and most frequently encountered challenge.

Many recent data breaches have been reported incorrectly. … In most cases, it is human error, and the Cloud cannot protect you from that.” – Jason Reichl, CEO, Go Nimbly

Impressions of Cloud Security Remain Resilient

Despite these events, this year, 90 percent of enterprises plan to increase or maintain their annual spending on cloud computing. If cloud infrastructure were such a risk, businesses would not be investing in the platform at such high rates.

david-linthicumDavid Linthicum, Senior Vice President of Cloud Technology Partners, says to think about cloud security systems like this: is your money safer stuffed in a mattress at home where you have control of it or with your local bank? A bank, obviously, is better positioned to protect your money because they have a vault and security cameras and are insured. Likewise, a cloud service provider (CSP) is better positioned to protect your data because they invest in 24-7 monitoring, the best cyber security tools, and physical barriers, such as video surveillance and biometric scanning.

Unfortunately, cloud infrastructure security on its own, out-of-the-box, is not enough to safeguard your business’ crucial data.

Steps to Ensure Data Security in the Cloud

What steps should businesses take to ensure data security, when using cloud infrastructure?

Migrating to the cloud starts with selecting a CSP that fits your business’ needs. It is important to recognize that not all CSPs are equal.

In 2013, former Editor in Chief of Yahoo Tech Dan Tynan detailed his experience with Box. In particular, he talked about how all his Box files once disappeared for six months. Specifically, his login didn’t work and the company could not locate the account associated with his email. This means Tynan’s data was missing for half a year, which raises concerns about stolen information. Who had access to his data?

National Security Agency (NSA) whistleblower Edward Snowden also warned against relying on the security features of another popular cloud service, Dropbox.

Dropbox? Get rid of Dropbox. It doesn’t support encryption. It doesn’t protect your private files. Use competitors, like SpiderOak, that do the same exact service, but they protect the content of what you’re sharing,” Snowden said in a 2014 interview with the New Yorker.

Indeed, it is true: some CSPs are more secure than others. For example, the difference between Dropbox and SpiderOak is that Dropbox, as well as many other major CSPs, encrypts data on its own servers but does not encrypt data locally, leaving it vulnerable to attacks. Conversely, SpiderOak encrypts data on both your local servers and their personal servers, reducing the opportunity for a security breach.

Regardless of the CSP your business uses, additional local security measures, such as data encryption, improved identity access policies, and regular audits, will minimize the possibility of a costly cyber attack.

By Sarah Patrick

Jen Klostermann

Enterprises Starting To Embrace Blockchain-as-a-Service (BaaS)

Blockchain as a Service (BaaS) Many global companies have already implemented Blockchain-as-a-Service (BaaS) into their cloud offerings. There isn't any question that offering BaaS can serve as a differentiator for many companies. Not to mention, ...
Patrick Joggerst

Session Border Control as a Service: Faster, More Secure and Dramatically Less Complex Enterprise Communications

Session Border Control as a Service As businesses are increasingly moving to cloud-based unified communications (UC) for improved collaboration and productivity, they must also ensure that their networks and systems are as secure as possible ...
Juan Pablo Perez Etchegoyen

7 Security and Compliance Considerations for Cloud-Based Business Applications  

Security and Compliance Considerations There’s no doubt on-premises deployments of mission-critical business applications provide more control over data as it resides within the four walls of an organization’s network infrastructure. However, businesses can no longer ...
Jen Klostermann

FinTech and Blockchain vs Traditional Banking

FinTech and Blockchain Growth "The Rise of FinTech - New York’s Opportunity for Tech Leadership", a report by Accenture and the Partnership Fund for New York City, reveals that global investment in FinTech endeavors has ...
Martin Mendelsohn

Who Should Protect Our Data?

Who Should Protect Our Data in The Cloud? You would think that cloud service providers are safe havens for your personal data – they all have a ‘security’ component embedded into their offerings and claim ...
Kash Shaikh

A Clairvoyant Look Back on 2021

In a lookback from the future, here is what happened in 2021 as reported on January 1, 2022. 2021 was the year that our world worked its way out of the 2020 pandemic and back ...