Cloud security

Cloud security issues: the real threats

64 percent of IT professionals believe that their data and applications are more secure in the cloud than in their legacy on-premises systems. As more and more businesses push services and storage to the cloud, that’s good news.

But even though the consensus is that the public cloud is largely safe and secure, you can’t just ignore solid cloud security best practices.

Far too many businesses fall victim to missteps when implementing their cloud strategy. According to IT research and advisory firm Gartner, by 2020 95 percent of cloud security failures will be the fault of the customer.

In this article, we’ll discuss 4 of the most important cloud security errors.

  1. Authentication issues

Once your files are at rest in the public cloud, they should be fairly secure. The problem lies in determining that the correct users have access to them while keeping out unauthorized intruders.

For example, employees might use the same password for the cloud as they do for their email account. If a data breach exposes their email password, this password has become compromised. It doesn’t matter how much security Amazon and Microsoft add to their cloud servers. This is because savvy attackers will attempt to use this password for the user’s accounts on other websites. This could mean a giant backdoor into your cloud storage.

In order to lock down malicious actors, require employees to keep a unique password while on the job. You can also investigate systems such as multi-factor authentication. This method combines passwords with other authentication methods like security codes and fingerprints.

  1. Cloud security misconfigurations

In September 2017, IT security researcher Chris Vickery discovered four Amazon Web Services cloud storage buckets that were unintentionally available to the public by consulting firm Accenture. These files contained highly confidential data including security certificates, decryption keys, and client information.

The Accenture incident is just one example of many. Cloud security configuration errors and mistakes can leave your company’s most sensitive data exposed. Organizations ranging from Dow Jones and Verizon to the U.S. Army Intelligence and Security Command have accidentally revealed files and information in the public cloud to anyone who would know where to look for them.

According to a recent survey, more than half of companies who use public cloud services such as Amazon Web Services have unintentionally exposed some of their data due to problems with their security settings.

  1. Lack of patching and visibility

Some of the most devastating data breaches in history, such as the 2017 Equifax attack that exposed the sensitive information of 143 million people, could have been entirely preventable. Attackers infiltrated the Equifax network by exploiting a vulnerability that had previously been patched months prior. For reasons of cloud security and compliance, you must keep your applications and hardware up-to-date at regular intervals.

Installing security updates is the provider’s responsibility when using the public cloud. However, customers are still obligated to do their homework and must choose the right cloud partner to begin with. In addition, mature public cloud providers like AWS offer tools such as CloudTrail and CloudWatch for clients to keep track of activities within their cloud environment.

  1. Lack of backups

You might think that the cloud is already your backup for the files on your on-premises servers. As companies migrate more and more of their operations into the cloud, however, it’s highly worthwhile to have a disaster recovery solution such as storing your files with multiple providers—just in case.

The story of the code hosting service Code Spaces offers a cautionary tale here. When hackers gained access to the company’s cloud infrastructure in 2014, the attackers first attempted to extort money from them. They then deleted the vast majority of Code Spaces’ data, backups, and configurations. Because the attackers exploited this single point of failure, Code Spaces could not recover from this cyber disaster. They were shortly forced to go out of business.