Security and privacy remain prominent concerns for cloud computing, and the current digital environment has recently sparked legislation and debate around the world about security and privacy protections.
For instance, the US National Institute of Standards and Technology (NIST) released a cybersecurity framework in the spring of 2018 that lists standards for securing the internet; under an executive order signed by President Trump, all federal agencies are required to use it. In May 2018, the European Union passed a law, the General Data Protection Regulation (GDPR), to protect citizens against data breaches by holding companies accountable for them, along with privacy violations. Businesses that fail to protect privacy or that suffer a data breach will be fined a substantial sum: “up to 4% of annual global turnover or €20 Million (whichever is greater).”
Housing data and information in the cloud provides many benefits to users, such as data encryption. However, as with all computing and technology, the cloud holds its own vulnerabilities.
The Cloud Vulnerabilities
- Users lack control and visibility because the cloud service providers (CSPs) hold those responsibilities.
- “The use of unauthorized cloud services could result in an increase in malware infections or data exfiltration since the organization is unable to protect resources it does not know about. The use of unauthorized cloud services also decreases an organization’s visibility and control of its network and data.”
- CSPs’ application programming interfaces (APIs) are accessible over the internet, which leaves them open to malicious attacks.
- When the separation of multiple tenants in a shared public cloud falters, it opens up risk to all tenants on the cloud network.
- Data might not be completely deleted as intended, because it is spread across storage devices throughout the cloud network.
Outside of the distinct considerations for cloud security, cloud computing shares some of the same security concerns as traditional networks. CyberArk found in its survey that “the top cyber security threats they [security professionals] face are targeted phishing attacks (56%), insider threats (51%), ransomware/malware (48%), unsecured privileged accounts (42%) and unsecured data stored in the cloud (41%).”
The SEI blog post lists the following security vulnerabilities that affect both traditional networking and the cloud:
- Insecure login protection.
- Vendor lock-in, which occurs when a user switches CSPs and the data is lost or cannot be transferred.
- IT professionals might struggle with managing and monitoring due to the complexity of cloud computing.
- Security breaches from internal employees.
- Lost data from accidental deletion or natural disasters.
- Third parties in the supply chain might not uphold strong security precautions.
- The lack of due diligence to incorporate and maintain security efforts.
But steps to protect data in the cloud from hackers and leaks exist. Staying safe in cloud computing is achievable with the following practices.
The Security Tips: How to be Safe in Cloud Computing
The number one best practice in cloud safety is to maintain due diligence. Remain informed on the latest security issues and strategies. Review other tips for staying safe in cloud networking here:
- Double check that the CSP encrypts data.
- Use two-step authentication to log in to important accounts, such as sending a code via SMS to the user and validating that the owner of the account is the person accessing his or her information. (While this impedes hackers from obtaining login information, it’s not 100 percent foolproof as dedicated hackers can still tap in and reroute the incoming text message to their phone instead of the owner’s phone.)
- Routinely monitor workspaces.
- Red Hat advises reflecting on portability when choosing a CSP to prevent lock-in. “Service-level agreements (SLA) should clearly define when and how the cloud provider returns the customer’s data or applications.”
- Understand compliance requirements, such as GDPR.
- Define and incorporate key management, firewalls, centrally managed access control, and application-specific policies.
- Back up data in case of data loss or in case ransomware blocks users from accessing their information.
- Secure APIs, as open APIs present a significant and easily exploitable security flaw.