If you’re reading this, you’ve probably already thought about moving your business to some sort of cloud-based system, and maybe you’ve already decided to make the move. But you might have heard about the security concerns inherent in the cloud, maybe even only in passing, such as when listening to people discuss the recent celebrity privacy scandals. It’s true that having data online may make it more accessible to hackers, but just how bad is it really? Is the cloud safe for your data and your business? And if not, are there ways you can protect yourself? This article attempts to examine recent security concerns with the cloud, to help you decide: is the cloud safe enough for you?
Some Concerns for Cloud Security
Common sense tells us that if something is online, it can be accessed, and the world has shown us this time and time again, but what are the main threats to cloud security? The Cloud Security Alliance names nine: data breaches, data loss, account or service traffic hijacking, insecure interfaces and APIs, denial of service, malicious insiders, cloud abuse, insufficient due diligence, and shared technology vulnerabilities. Each of these threats can be devastating. For example, with data breaches, a single flaw in one user’s application could allow a hacker to attack not only that user’s data, but all the data being processed by the application in that system. Traffic hijacking can also be a major risk to consider. In 2010, an attack on Amazon allowed hackers to hijack credentials to the site, which could potentially have allowed them to use the site to launch subsequent attacks.
When considering the safety of the cloud, it’s important to consider that any of those nine threats could become a problem for you and your business and making plans to counter those threats should they arise. After all, asking ‘is the cloud safe?’ is only the first step, but the answer you get is what it is. The second step is deciding what you can do to make it safer.
Ways to Keep Your Data Safe
The problem with fighting the two biggest threats to cloud security—data breach and data loss—is that the solution to one exacerbates the risk of the other. Encrypting data is one possible way to guard yourself against data breach, but losing the encryption key is a good way to lose your own data, resulting in data loss. Creating offline back-ups of data help lower the risk of data loss, however having copies of your data lying around could result in a data breach. This balancing act is an issue, however, it is one that can be controlled and planned for. An increase in security around any offline back-ups of your data may help guard against data breaches, while keeping good track of your data’s encryption key may help guard against data loss.
The next two threats—traffic hijacking and insecure interfaces—can be countered by just being more vigilant and more cautious about who data is being shared with. The best way to protect against traffic hijacking is to protect your credentials, and that includes not sharing them carelessly. The first step towards combating insecure interfaces is also being more vigilant—understanding the security implications associated with cloud services. The sixth risk on the list, malicious insiders, can be reduced significantly if the encryption keys are kept with the customer, and not with the company providing the cloud service. Insufficient due diligence is another problem that can be solved by simply understanding the risks inherent in the cloud—knowing what you’re getting into before you jump into it. Knowing where the risks are allows the user to be more careful, and not put themselves in a situation where their data might be compromised. Denial of service and cloud abuse might be more difficult to guard against, but a better understanding of the cloud and the security risks involved allows you to be more prepared in the event that one of those becomes an issue. Shared technology vulnerabilities, the last threat, is something that is affected by the limitations of the technology and as such, will exist until the technology improves. The challenge here is knowing the threat, assessing the risk, and being prepared to work around it.
And finally, though this may seem obvious, never forget the importance of a good password! All cloud services have some form of master password you use to get to your files, so make sure it’s a good one. Longer is better, mixing between numbers, uppercase letters, lowercase letters, and symbols is even better. Stay away from short dictionary word passwords, or obvious passwords like your birthday (or ‘1234567890’). Remember not to share your password with anyone, and don’t reuse your passwords for anything else.
So, is the cloud safe? The answer to that question depends on you. There are security risks inherent in the cloud, and it’s possible that those risks may end up causing you to decide that moving your data over to the cloud just isn’t worth it, but if you’ve worked out that the cloud is safe within your acceptable level of risk, then the rest is up to you.