The world is already crazy about the cloud. Business chatter has gone from the type of cloud that seems permanently fixed above the British Isles, to the type of cloud that offers superior flexibility, seamless accessibility, improved productivity and limitless possibility. So, what’s to lose?
The cloud has started a battle of the trade-offs: accessibility & convenience vs tight security. The cloud is certainly a compromise, as it places the responsibility for securing data and systems into the hands of SaaS (software-as-a-service) providers or IaaS (infrastructure-as-a-service) hosts.
This presents an inherent risk, but is it a risk you should let your (and your employer's) reputation rely upon? To make this decision, you need to review the biggest security challenges of the cloud.
To help you do just that, here are the biggest threats you could face when using the cloud:
1. Data Breaches
Even the biggest Internet-based businesses aren’t immune to data breaches. Take LinkedIn: in 2012, it was targeted in an attack that resulted in thousands of passwords being stolen. Just several weeks ago, this data was found for sale on ‘the dark web’ for just over $2,000.
Cloud Service Providers are banks of business information. They host vital, sensitive business data that so many businesses rely on. The modern day, tech equivalent of a bank heist is an attack on one of these cloud service providers. They need to constantly innovate their security techniques, as the consequences of a breach could cause widespread devastation.
You can minimise the risk of a data breach by being selective when choosing a provider. It’s advisable to seek one that utilises multi-factor authentication and the latest data encryption techniques to protect your data should the worst come to the worst.
2. Account Hijacking
Could the biggest security headache of the cloud be your colleagues?
Naturally, when humans mix with technology, there are intrinsic security risks that cannot be completely circumvented.
The latest phishing scams, social hacking tricks, and other deceptive acts can allow unauthorised access directly into the heart of your systems. Hackers would be able to monitor business activity, steal your data in a heartbeat and leak vital strategic information.
To prevent this, you need to galvanise your colleagues and make them aware of the threats of phishing scams and social hacking. Implement training techniques that will empower your team to leave hackers out in the dark, rather than welcoming them with open arms.
3. DoS (Denial of Service) Attacks
DoS attacks (Denial of Service) target servers and overload their resources to take them down. It’s not just smaller companies with smaller server capacities that are being caught out; Sony, Microsoft, and HSBC have all been taken down at key operating times.
The consequences of any Denial of Service attack can be much further reaching than simply preventing access to data. In modern businesses data is key, and a DoS attack can damage reputations, stop operations and make a real dent in revenues.
Attacks cannot always be prevented. The best way to avoid the consequences of them is to always be on the lookout for the next best alternative, so don’t get too tied down to one provider!
4. Vulnerable Interfaces & APIs
If your systems are a castle, then your interface is the drawbridge, allowing and restricting access where necessary. The issue is that your drawbridge can be seen by anyone walking past, and it’s easy to see there could be some valuable information behind it. Any flaw in your drawbridge could leave your entire castle exposed.
It’s vital that if your system utilises APIs and interfaces, they are rigorously tested for any vulnerabilities, and that all relevant code is reviewed from a security standpoint prior to launch.
5. Inside Jobs
An ever-present threat in the world of IT security. Cloud services aren’t going to circumvent the possibility of any malicious insider gaining access to your data. These insiders could be contracted staff, interns, ex-employees or even unhappy employees.
As cloud services are typically accessed through a simple username and password login, it can be easy for people with physical access to perform a destructive attack if the right precautions are not in place.
Reinforcing password policies and regularly reviewing account access rights can ensure access is only granted where necessary. An effective backup plan can also help you minimise the impact of a destructive attack. Daily backups may suffice for a small-to-medium sized business, but larger businesses may need to be backed up more frequently.
6. Login Credentials
Again, account permission management is a vital aspect of a cloud service security strategy.
There is sometimes very little you can do to discourage employees from using weak passwords, so it’s even more important to ensure that user accounts are assigned only the permissions they need.
With so much scrutiny placed on security practice, it can be easier for hackers to steal login credentials than to scout out vulnerabilities in your system. Some cloud service providers are aware of this, and are implementing multi-factor authentication to minimise the consequences of password details getting into the wrong hands.
We’ve seen some of the following multi-factor authentication techniques used increasingly:
- SMS Code Authentication (the ‘go-to’ - as used by Facebook, Twitter, Google & Microsoft)
- One-time passwords (valid for only one login session)
In many circumstances, passwords simply aren’t enough of a security measure on their own. Using multi-factor authentication allows you to ensure that only authorised people can access your systems.
The cloud is taking over the world, and employees love the productivity and accessibility it can bring. But in that trade-off between accessibility and security, it can be hard to know where you stand.
Service providers are putting more resources than ever into innovating and securing their infrastructure because the consequences can be so severe. It’s working though: the rise of social hacking is a symptom of this increasingly strong security scrutiny around the world.
But still, the biggest risks are internal - and can be with your colleagues. It’s now vital to raise awareness and enforce security procedures that your colleagues need to comply with.