Assessing just how safe you are in the cloud – and three tips to secure your business data
Each day, Internet users generate an average of 2.5 quintillion bytes of data, according to recent research from Domo. Per minute, The Weather Channel receives more than 18 million forecast requests, Netflix users stream almost 70,000 hours of video, and Google conducts 3.5 million searches.
90% of all data available today was created in the last two years. As a result, an ever-increasing amount of enterprise data is being stored in the public cloud, both exclusively and hybrid. But it seems not everything is as smooth as we want it to be in the paradise. There have been various cloud horror stories that forced us to think: how safe are we in the cloud?
Remember when hundreds of companies exposed PII as well as private emails (including confidential business emails) to the world through Google Groups back in 2017. A small settings error was to be blamed for such a massive data leakage and companies like Fusion Media Group, IBM's Weather Company, Freshworks, and SpotX etc. were affected by this security issue.
In another incident, Stanford University too suffered, not once, but in three separate data breaches. The data security breaches, which was caused by “misconfigured permissions” exposed not only personal employee information (including their salary information and Social Security numbers) but also student sexual assault reports and confidential financial aid reports. In fact, there are many such cloud security horror stories, enough to give you nightmares.
The cloud is dangerous
It is true that cloud environment offers the benefits of flexibility, availability, and low costs etc. But at the same time data storage in the cloud is becoming an increasing concern for anyone who use file storing and data sharing tools like Google Drive, Dropbox, Microsoft OneDrive, Amazon Drive, and the likes, when it comes to keeping their information private.
Data in the cloud is stored in an encrypted form, meaning they are encoded with a specific encryption key without which the stored files look like gibberish. A hacker needs to crack these keys to read the information. The most important factor, therefore, is: Who has the key? And this factor is often responsible for most data security breaches.
In most cases, the commercial cloud storage systems keep the key themselves so that their systems can see and process user data. Moreover, these systems can access the key as a user logs in using his/her password. While this is perhaps the most convenient way for cloud storage systems, it is also less secure. Any flaw in the service provider’s security practice can leave the users’ data vulnerable. Dropbox, for example, has been severely criticized for its security and privacy controversies.
Again, there are some cloud services that allow users to upload and download files only through service-specific client applications, which also include encryption functions. These service providers allow users to keep their encryption keys themselves and are therefore a bit more secure than the others; however, they aren’t perfect and there are chances that their own apps might be hacked and compromised, allowing the intruder to access your files.
How to protect yourself and your data
While there is no way you can ensure that your information is safe on the cloud, there are some protective measures that you can take to deal the issue of cloud privacy. Here are 3 data protection tips to reduce the risk of your cloud experience.
1. Encrypt your data and use encrypted cloud services
In addition, to add an additional layer of security to your files, you can encrypt your data before uploading them onto the cloud. There are many software that allows you to encrypt you file and make them password-protected before moving them to the cloud.
2. Backup your data locally
Always have electronic backups for your data so that you can access them even if the one on the cloud gets lost or corrupted. You can either keep it in an external storage device or in some other cloud storage. However, the former is perhaps a better option as you can access them even without Internet connectivity.
In addition, avoid keeping your sensitive information such as passwords, Social Security number, credit/debit card details, banking information, or even your intellectual property like patents and copyrights etc. in the cloud. These kind of information, if compromised, can result in potential data leakage.
3. Have strong passwords
Although you might have heard this before, making your password stronger is perhaps one of the best ways to safeguard your files stored in the cloud. Even the U.S. government has revamped its password recommendations. The days of picking your favorite phrase as your password and replacing a few characters with symbols are practically over. Also, stop doubling your one password for other services.
Instead, choose long, weird string of words as your password and add a combination of special characters, some capital letters, or numbers to make it stronger. Most data leakage happen due to easy to guess passwords. If required, test if your password on the safety of your computer. Another good practice is to change your password is every 90 days or less. This practice will also help you keep the internal intruders away, thus avoiding workplace breaches.
Keeping your data safe on the cloud is all about remaining secure, vigilant and resilient. Have a multi layered data security system in place and continue monitoring to ensure your systems are still secure. However, if you still feel your data is under threats of breaching, take control and quickly address the issue to recover before it causes a havoc. Don’t just rely on your cloud service providers’ security assurances. Always have your own security measures in place from the beginning. After all - it is better to be safe than sorry.
Find out more about cloud security best practices at the Cyber Security & Cloud Expo at Santa Clara on November 28-29.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » Eradicate human error and make your cloud implementation a picnic
- » Why the future of data security in the cloud is programmable
- » Puppet’s 2019 State of DevOps report: How security needs to fit into continuous delivery
- » Organisations struggling with sensitive cloud data as they shun security-first approach
- » How to create a cloud centre of excellence: A guide