There are certain phrases, we all come to learn, that can make us seem like engaged experts in any given business meeting, regardless of our non-expert status. “Well I guess we’ll have to circle back on that,” is a classic, as is “It’s all about finding the synergy,” and thanks to a recent development in computing, we all have a new phrase to bust out whenever the topic turns to IT issues: “We should probably think about moving it to the cloud.”
The thing is, many organizations should think about moving their IT infrastructure, services and resources to the cloud as there are many benefits to be had. However, there are also a few major security issues associated with the cloud when migration, deployment and management isn’t handled properly…and it often isn’t.
Looking to the cloud
In short, cloud computing is storing and accessing data and programs over the internet instead of over physical servers or computers or other hardware located on-site.
The immediate benefit to cloud computing is that all that hardware that would have otherwise needed to be purchased and maintained, including updates – forget it. It’s someone else’s job to keep things running smoothly. The built-in scalability of cloud computing also gives businesses the kind of agility they could only dream of previously, making it easy to grow and expand as business demands. Smaller businesses are also able to use enterprise-class technology thanks to pay-as-you go services that keep costs down and tech quality up.
Cloud-based workflow makes all data and documents available centrally, providing organizations with one version of the truth, not only saving time and effort in preventing duplicate work but making it easier for employees to collaborate. Storing it all in the cloud also makes it easily accessible at anytime from anywhere.
The upsides to cloud computing are significant, and the cloud certainly represents the future of computing. However, many organizations think investing in cloud computing is a shortcut to reducing security requirements. While cloud-based security solutions like protection against DDoS or DoS attacks or identity management with a managed service model represent major security upgrades, an organization’s cloud computing environment still requires careful management in order to avoid these major pitfalls.
You might assume that your cloud provider is handling your security settings, and you might be right. You might also assume those security settings provide an acceptable level of protection, and that is where you might be very wrong. A 2017 report found that over 50% of organizations using cloud storage services have exposed data to the public, while almost 40% of organizations have had administrative user accounts compromised. High profile slip-ups include the exposure of the personal information of 198 million US voters and the exposure of the personal data of 14 million Verizon customers. Both of those incidents occurred in July of 2017.
The worst thing about these incidents is that they aren’t caused by brilliant hackers masterminding data breaches (although there will be more on those in a minute), it’s that these consequences are 100% caused by security misconfigurations. One incorrect setting, and 198 million people had their social security numbers broadcast to the world.
While cloud providers are tasked with providing security of the cloud, the organization using the cloud is generally responsible for providing security in the cloud – and a lot of organizations don’t realize it. This is why misconfigured databases or vulnerable APIs have been a veritable treasure trove for enterprising cloud hackers.
Data breaches are of course not a threat that is unique to cloud computing environments, as every year untold millions of files are stolen from on-premise setups, but if organizations assume their data is safe because they’re paying money to a cloud provider, they could very well be hideously, horribly wrong.
Insufficient access management
The cloud is handy because data and documents are all stored centrally, able to be accessed from any where at any time. This is very convenient for employees…and also for bad actors who manage to crack user credentials who can then go on a stealing, modifying and deleting spree with an organization’s data, unleash malware, or issue management functions, to name just a few things hackers can get up to in the cloud if identity and access management isn’t taken seriously.
Sunny skies ahead
Cloud computing isn’t the one-stop solution it may occasionally be touted as. However, no technology is, and for most organizations the benefits of cloud computing far outweigh the security measure this type of computing environment requires. A web application firewall or WAF can help shore up the cloud’s security, while data encryption for data in transit as well as at rest will help minimize the damage a hacker can do. Multi-factor authentication is also an effective measure when it comes to preventing compromised credentials. To sound like a true genius at your next IT-related meeting, try altering your go-to statement to “As long as we can address the security concerns, we should probably think about moving it to the cloud,” and wait for the impressed faces to turn in your direction.