Cloud Data Safety
This year has certainly been troublesome for businesses when it comes to data security. Numerous cyber attacks have plagued the normal business continuity, thereby triggering an outflow of customers on one hand, and potential legal implications on the other. Ransomware and data leaks are just a few examples of various threats that can unexpectedly throw your corporate workflow off balance, which is unquestionably inadmissible for any organization. With that in mind, let’s see how you can protect your business.
Ransomware is a type of malware that overtakes a computer and threatens to publish or wipe out the information on the computer unless a ransom is paid. We’ve witnessed a couple of them not long ago. Namely, the infamous WannaCry attack struck in may and was estimated to affect around 200’000 computers, halting production of Honda cars and disrupting national hospitals in England. The economic impact of the attack lies in the range of $200 million and $4 billion. Needless to say, a lot of sensitive data was permanently lost; however, that could’ve been avoided if certain preventive measures had been taken. Hindsight is twenty-twenty, and yet it is crucial to reiterate that all of the critical data must be regularly backed up. That way even if you get struck by ransomware, you’ll be able to just erase the storage device that contains your operating system, data, and the ransomware. The final step would be to restore the backed up data and carry on with the business.
Designing backup strategies
A general rule of thumb when designing sensible backup strategies is that files should be backed up to at least one cloud and one local destination. That way no unexpected accident would catch you off guard. If the cloud storage experiences an on-site failure — that’s okay, you have a local backup at hand. Similarly, a local storage malfunction will not affect your data integrity, as you have a cloud storage accessible from anywhere. Cloud backups are particularly expedient in the event of a crisis that requires you to relocate elsewhere — merely having the Internet connection will allow you to continue the business as usual. Actively fighting ransomware by employing antivirus software is on the one hand recommended, but on the other hand questionable, as the effectiveness of this approach is hardly predictable or consistent. The passive approach of dealing with ransomware by regularly backing up data is naturally preferable because your data remains secure and intact regardless of the damage inflicted by the ransomware.
It’s not just the backup itself that matters, the data must also be encrypted. Needless to say, some types of software seek not only to delete your data, but also to access it and send it to the criminals for various reasons. You therefore need to ensure that even if your data were stolen, it would not be readable by third parties. That’s where 256-bit encryption steps in, providing you military-grade protection for your most sensitive data. Most backup solutions on the market offer built-in encryption, so next time you backup your data — make sure it’s properly encrypted.
Last but not least are the so-called lifecycle policies. Not only do you need to backup your data to the cloud, it’s also crucial to determine the time frame in which it’s going to be stored there and the storage class that best suits your requirements. For Instance, it makes sense to back up rarely-accessed files to a low-cost Amazon Glacier, while oft-accessed files should by design be stored under S3. These storage classes are flexible and enable you to move files between them as you see fit. Let’s suppose that you’re backing up some company reports that you know might be necessary within the next 30 days, but afterward will likely be useless, but you still need to store them so your audit inspector is happy. In this scenario you can set up a lifecycle policy that stores you backed up data for 30 days under S3, and thereafter automatically transfers it to Glacier for long-term archiving. That way you can meticulously configure your storage and lifecycle policies that reflect your backup requirements and expenditure expectations.
While people expect various cyber attacks to come their way, the majority almost always think that the giants like Amazon have no weaknesses. The truth of the matter though is that your data is never secure regardless of where you store it. Let us mention just a few instances wherein cloud data stored on Amazon S3 was leaked due to misconfiguration of AWS security policies:
1) Dow Jones, the world’s leading financial information agency, was affected by an Amazon Web Services (AWS) cloud data leakage because of user error and wrong bucket access restriction configuration. Names, email addresses and financial information of about 2 million customers were exposed.
2) NICE Systems, a third-party vendor for Verizon, misconfigured cloud-based file repository, exposed the names, addresses, account details, and account PINs of 14 millions Verizon customers. The Amazon S3 data repository was configured to allow public access to call logs which included the above-mentioned data.
3) Republican National Committee (RNC) voter database was left exposed to any unauthorized user. As it was later discovered, this happened due to misconfigured AWS security policies.
These events clearly demonstrate that your data is at risk while being both on your local storage and on the cloud storage. There’s always room for human error and Data leaks, so it is only fitting to assume that your data can always and everywhere be corrupted and leaked. If you’ve prepared for the worst, nothing and nobody can access or delete your data — and that’s what you should be aiming at.
It is recommended to do the following things to ensure that your data is safe in the cloud:
1) Check your security policies in the cloud. All of the aforementioned security leaks have one trait in common: they all stem from the improper use of AWS security configurations. So if you have a number of employees all backing up their data to AWS, ensure that they only have the required permissions within the cloud. Elsewise, they might end up sharing the data with the rest of the world, to put it mildly.
2) Encrypt files with your own password. Many people rely on Amazon’s proprietary server-side encryption to store their data securely. Yet this option is hardly gonna protect your data in case your AWS credentials are compromised, as Amazon will immediately decrypt the data upon a request sent using the said credentials. That’s why it is advisable to upload already encrypted files to the cloud, so that even a leak will make it impossible to decipher your data. Most backup solutions on the market already employ 256-bit encryption for backups, thereby ensuring that any damage stemming from mishandled AWS security policies will be contained. Similarly, you can outright encrypt files using built-in utilities; for instance, MacOS has a built-in openssl encryptor that can be invoked from the terminal.
So these are just a few tips to ensure that your data remains ever secure, intact, and replicated all of the time. Employing the aforementioned tactics will ensure that your business carries on regardless of the emerging crises, avoiding customers and revenue loss. It goes without saying that the cloud is slowly but surely becoming the new normal, and that means countless new opportunities and sadly exposure to new security risks. We suggest you embrace the new status quo, take preventive measures, and hopefully your cloud backup experience will be tranquil and robust.
By Alexander Negrash
Alexander Negrash is the director of marketing at CloudBerry Lab, a provider of backup and management solutions for public cloud storage.