Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure?

Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that 64 percent of medium and large businesses believe cloud infrastructure is more secure than legacy systems.

What factors contribute to positive and negative impressions of cloud security? What should businesses do to protect their data better?

Fear of the Cloud Arises From Media and Lack of Knowledge

You cannot blame people for being worried about cloud security. Everyone remembers the Target and Home Depot breaches, which compromised tens of millions of customer credit card information, as well as the Apple iCloud hack that leaked private celebrity photos to the public. These incidents caused many major news outlets to question cloud security. However, the media forgot to mention that these three high-profile attacks did not have much to do with cloud computing.

Target allowed a third-party to access its network, and then hackers got ahold of that third party’s log in credentials. Home Depot was attacked in much the same way, with hackers stealing a vendor’s login, accessing the network, and then using custom malware to get around the company’s antivirus software.

Even large businesses have mixed feelings about security in the cloud, naming it both the number one benefit and most frequently encountered challenge.

Many recent data breaches have been reported incorrectly. … In most cases, it is human error, and the Cloud cannot protect you from that.” – Jason Reichl, CEO, Go Nimbly

Impressions of Cloud Security Remain Resilient

Despite these events, this year, 90 percent of enterprises plan to increase or maintain their annual spending on cloud computing. If cloud infrastructure were such a risk, businesses would not be investing in the platform at such high rates.

david-linthicumDavid Linthicum, Senior Vice President of Cloud Technology Partners, says to think about cloud security systems like this: is your money safer stuffed in a mattress at home where you have control of it or with your local bank? A bank, obviously, is better positioned to protect your money because they have a vault and security cameras and are insured. Likewise, a cloud service provider (CSP) is better positioned to protect your data because they invest in 24-7 monitoring, the best cyber security tools, and physical barriers, such as video surveillance and biometric scanning.

Unfortunately, cloud infrastructure security on its own, out-of-the-box, is not enough to safeguard your business’ crucial data.

Steps to Ensure Data Security in the Cloud

What steps should businesses take to ensure data security, when using cloud infrastructure?

Migrating to the cloud starts with selecting a CSP that fits your business’ needs. It is important to recognize that not all CSPs are equal.

In 2013, former Editor in Chief of Yahoo Tech Dan Tynan detailed his experience with Box. In particular, he talked about how all his Box files once disappeared for six months. Specifically, his login didn’t work and the company could not locate the account associated with his email. This means Tynan’s data was missing for half a year, which raises concerns about stolen information. Who had access to his data?

National Security Agency (NSA) whistleblower Edward Snowden also warned against relying on the security features of another popular cloud service, Dropbox.

Dropbox? Get rid of Dropbox. It doesn’t support encryption. It doesn’t protect your private files. Use competitors, like SpiderOak, that do the same exact service, but they protect the content of what you’re sharing,” Snowden said in a 2014 interview with the New Yorker.

Indeed, it is true: some CSPs are more secure than others. For example, the difference between Dropbox and SpiderOak is that Dropbox, as well as many other major CSPs, encrypts data on its own servers but does not encrypt data locally, leaving it vulnerable to attacks. Conversely, SpiderOak encrypts data on both your local servers and their personal servers, reducing the opportunity for a security breach.

Regardless of the CSP your business uses, additional local security measures, such as data encryption, improved identity access policies, and regular audits, will minimize the possibility of a costly cyber attack.

By Sarah Patrick

Martin Mendelsohn
The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...
Stacey Farrar
Document Migrations Require More Diligence Data creation has risen dramatically in recent years and shows no signs of slowing. According to analyst firm IDC, widespread remote work led to a spike of new data in ...
Episode 16: Bigger is not always better: the benefits of working with smaller cloud providers
The benefits of working with smaller cloud providers A conversation with Ryan Pollock, VP Product Marketing and Developer Relationships for Vultr.com - Everyone knows who the big players are in the cloud business. But sometimes, ...
MIT
Smart Manufacturing Startups AI and machine learning's potential to drive greater visibility, control, and insight across shop floors while monitoring machines and processes in real-time continue to attract venture capital. $62 billion is now invested ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.