Cloud cover is a term that has been co-opted to define business technology in addition to physical weather patterns. More businesses are utilizing cloud based Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). The benefits of the cloud for business efficiency are well stated and hard to argue with. Still, the number one fear among individuals and businesses is that moving to the cloud puts critical data at risk. For some, this fear prevents them from moving to the cloud. For others who have made the move already, this fear still looms, with the threat of headline-inducing consequences.
Many believe the greatest risk when it comes to data loss as a result of cloud computing is the malicious hacker. Although the furtive actions of a hacker are troubling, data shows that hackers are opportunists; they often require some type of user error or security exploit to penetrate a business’s data. The biggest actual threats to data are lack of knowledge among users, and lax securities that are easily fortified.
A survey recently published by the Cloud Security Alliance found that “insufficient identity, credential and access management ranked as the top vulnerability when it comes to cloud computing.”
Credentials are one of the opportunities mentioned above that hackers look for to make a profitable data intrusion. One way to prevent compromised credentials is to ensure that your IT security is sufficient: utilizing single sign-on solutions and multi-factor authentication for all users, appropriately managing privileged access accounts and securities, appropriately managing session monitoring, and providing continuous reporting and monitoring of the health of your IT systems.
Another way to prevent compromised credentials is to ensure that all of your users are adhering to a universal security protocol. Keeping passwords in plain sight, using pet names, “password,” or a sequence of numbers as a password, and never logging out of a computer or program are all easily remedied security risks.
User error on its own contributes greatly to data leakage. One of the more dangerous mistakes that employees can make is simply clicking on a malicious link, opening a suspicious file, or opening unknown email attachments. These actions make the user’s computer vulnerable to ransomware attacks. Ransomware attacks are particularly nasty by definition because when multiple files and/or software is hosted and synced to a cloud network, the infection radius spreads exponentially. If an infected file is automatically synced to the cloud, the infection has a new space to grow, and a hacker has new access to other files and computers. Make sure that your employees are properly trained in the dangers and entry points for ransomware attacks.
Although concerns for data loss revolve around data breaches, a large portion of data loss occurs due to a less malicious reason; accidental deletion by employees. When a cloud service provider has no backup and recovery policy, and if a business does not proactively set up a backup solution, accidental deletion can mean the loss of business data forever.
Backup and Recovery
Data backup is a very important proactive solution for data loss. This backup can be in the form of cloud-to-cloud backup, meaning your data is backed up by a separate cloud service or in a cloud service provider’s separate data storage facility. Backup can also be done manually, in-house.
Regardless of the type of backup, for it to be effective your cloud service provider needs to be able to provide recovery for files, email and software immediately. Whether the problem is accidental deletion or file corruption, when a proper backup and recovery policy is in effect, the data loss should be able to be caught and remedied immediately.
The threat of data loss from cloud computing is as strong (or as minor) as the internal knowledge and security protocols of the users contributing to it. An article in Talkin’ Cloud reported this:
“According to the [Cloud Security Alliance] report, 76 percent of internal access control policies extended to outsourced IT, vendors and other third parties, which highlights how critical due diligence is when selecting vendors and partners with appropriate security measures in place.”
Choosing the right IT staff or vendor is critical to your success with cloud computing. Your cloud service provider and IT staff must be able to offer a comprehensive backup and recovery strategy, considering everything from accidental deletion, file corruption, hacker intrusion, all the way to natural disaster affecting computer hardware. Consistent monitoring of the health of your data and software, as well as round-the-clock availability for troubleshooting and customer support should also be a consideration when choosing an IT service provider.
Finally, being able to instruct all users on basic computer, email, file and software securities, whether that be proper password maintenance or the newest in malware threats, should be offered by your IT staff.