As data goes serverless and cloud computing takes off, security has become more important than ever.
Although the cloud has brought with it many advantages, and clouds are used in schools, government institutions, hospitals and business sectors, there are also a few things we should be careful of when it comes to data security and cloud computing.
Technological innovation also brings with it increased vulnerability to threats and cyber attacks, and storing data over a cloud-based storage system can put sensitive information and applications at risk.
Companies may be subject to a data breach. Thanks to the vast amount of data stored by cloud servers, they can easily become a more attractive target for hackers than on traditional corporate networks. Although providers do have security options and controls to protect environments, organisations take the responsibility for the protection of their data too. Take back your cloud.
Every cloud user should take care of their credentials and authentication as often breaches are the result of weak passwords, poor key or certificate management or lax authentication in general. Its worth setting up two factor authentication like one time passwords, phone based authentication or other forms of identity verification. Some businesses might deem it more worthwhile to implement two factor authentication rather than running the risk that one centralised identity will be extremely high in value for potential attackers.
Shared memory, databases and other resources within a company are in close proximity to one another, meaning new attack surfaces can be created. Basic IT processes can mitigate attacks on such system vulnerabilities. Emergency patching addressed by changed control processes should be properly documented and reviewed by technical teams so that all patching can be done as quickly as possible.
All transactions through accounts should be monitored and traced to a real action by the owner, so that if account credentials are stolen they can be detected quickly and will not go unnoticed (or untreated) for too long. In order to protect account details from being stolen users should be aware of how to prevent attacks like phishing, fraud and software exploits. The problem is that cloud services can actually make such attacks easier because attackers can eavesdrop on activities, manipulate translations and modify data.
Malicious insiders can come in many forms, whether it be a current or former employee, a system administrator, a business partner or a client, and they can have many reasons why they might want to leak or steal data. For this reason, access to company cloud accounts should be reduced to only those who really need access, or trusted members of staff for the most sensitive data (which might be better to save in a different location entirely). Administrators should perform effective and thorough logging, monitoring and auditing.
Advanced persistent threats (APTs) are parasitical attacks, they infiltrate systems and get a foothold, sneakily exfiltrating files and sensitive data content over a longer period of time. These might get into a system via spear phishing, direct attacks or USB drives and its important that IT department stay informed on what the latest advanced attacks are, keep all system users alert on what they are and stop them from easily being tricked into letting an APT in.
Clouds are not forever, data can also be lost if the provider goes down or their data centres are somehow destroyed. In fact, data centres have upped security since there has been speculation that they are an attractive target for terrorists. Natural disasters like floods can also pose a threat to data centres. That´s why its so crucial that organisations and individuals make use of more than one solution for their data storage, back up regularly and use offsite storage.
Don´t let concerns about data security stop you from utilising the cloud to its full potential.
get2Clouds is the ultimate cloud security tool, use it to securely transfer large files to your clients, whereby a link is sent to the recipient either via email or using the get2Clouds messenger, where everything you send is end-to-end encrypted.
The file transfer manager is currently compatible with Google Drive, Dropbox, Box, Microsoft OneDrive and more.
get2Clouds is free to download here.