64 percent of IT professionals believe that their data and applications are more secure in the cloud than in their legacy on-premises systems. As more and more businesses push services and storage to the cloud, that’s good news.
But even though the consensus is that the public cloud is largely safe and secure, you can’t just ignore solid cloud security best practices.
You need to know for sure if it’s actually secure.
As it stands, far too many businesses fall victim to missteps when implementing their cloud strategy. According to IT research and advisory firm Gartner, by 2020 95 percent of cloud security failures will be the fault of the customer.
Let’s look at some of the most common bad cloud security symptoms. As you read, think about the status of your own cloud security – and if you’re immune from the same threats.
1. Issues with authentication
Even if your files are at rest in the public cloud, they aren’t totally secure. There’s a shared responsibility with public cloud access that puts the onus on you, just as much as the cloud provider, to keep files safe.
But that’s not all. Another major problem lies in determining that the correct users have access to them while keeping out unauthorized intruders.
For example, employees might use the same password for the cloud as they do for their email account. If their email password is exposed during a data breach, then it doesn’t matter how much security you and your cloud vendors add to systems.
Savvy attackers will attempt to use this password for the user’s accounts on other websites—which could mean a giant backdoor into your cloud storage.
In order to lock down malicious actors, require employees to keep a unique password while on the job. You can also investigate systems such as multi-factor authentication, which combine passwords with other authentication methods like security codes and fingerprints.
2. Misconfigurations in cloud security
In September 2017, IT security researcher Chris Vickery discovered four Amazon Web Services cloud storage buckets that were unintentionally available to the public by consulting firm Accenture. These files contained highly confidential data including security certificates, decryption keys, and client information.
The Accenture incident is just one example of how cloud security configuration errors and mistakes can leave your company’s most sensitive data exposed. Organizations ranging from Dow Jones and Verizon to the U.S. Army Intelligence and Security Command have accidentally revealed files and information in the public cloud to anyone who would know where to look for them.
According to a recent survey, more than half of companies who use public cloud services such as Amazon Web Services have unintentionally exposed some of their data due to problems with their security settings.
3. Lack of patching and visibility
Some of the most devastating data breaches in history, such as the 2017 Equifax attack that exposed the sensitive information of 143 million people, could have been entirely preventable.
Attackers were able to infiltrate the Equifax network by exploiting a vulnerability that had already been patched for months. For reasons of cloud security and compliance, you must keep your applications and hardware up-to-date at regular intervals.
While installing security updates is the provider’s responsibility when using the public cloud, customers are still obligated to do their homework by choosing the right cloud partner to begin with.
4. Lack of backups
You might think that the cloud is already your backup for the files on your on-premises servers. As companies migrate more and more of their operations into the cloud, however, it’s highly worthwhile to have a disaster recovery solution such as storing your files with multiple providers—just in case.
The story of the code hosting service Code Spaces offers a cautionary tale here. When hackers gained access to the company’s cloud infrastructure in 2014, the attackers first attempted to extort money from them and then deleted the vast majority of their data, backups, and configurations. Because the attackers exploited this single point of failure, Code Spaces could not recover from this cyber disaster and was forced to go out of business.
Ensure your cloud is secure with help from MCG
To ensure a truly secure cloud, your organization cannot allow any slip-ups in security like those listed above. That’s especially true when you consider the damages that security issues have, including:
- Reputational damages
- Compliance violations
- Financial losses
- Lawsuits and irate customers
But there’s also good news. You can ensure that you’re working within a secure cloud by partnering with a cloud security expert.
Michell Consulting Group’s cloud professionals can help you secure your cloud and gain peace of mind, all while getting the ROI you want and expect from cloud services. Contact us or call us today at 305-592-5620 to learn more.