The Security Risks of Cloud Computing – 6 Ways Your Business Can Beat Them!
More and more companies are embracing cloud computing tools, and for good reason.
Armed with the right cloud tools, teams can seamlessly create, review, and co-author projects from across the globe. Cloud solutions can also be a linchpin for morale-boosting, overhead-slashing remote working policies.
Useful though it may be, cloud computing isn’t the problem-free, utopian solution it’s often marketed as. In fact, cloud-powered SaaS (Software as a Service) platforms and cloud storage repositories can present their own cybersecurity worries.
Cybersecurity Risks in the Cloud: Trouble in Tech-Paradise
Due to the growth of the cloud market, cybercriminals are rapidly adjusting their attack strategies to suit. Moving to the cloud isn’t going to reduce cybercrime – it’s just going to present cybercriminals with new options.
Cloud computing is an exciting new frontier for business, certainly, but it’s an equally exciting prospect for hackers.
Also worth bearing in mind is the fact that, yes, cloud providers will physically mind your data and “keep the lights on” in terms of functionality, but you may be totally on your own in terms of keeping your accounts and data secure.
Related Reading – Cloud Repatriation: Why Some Firms are Leaving The Cloud
So, let’s look at 6 ways that businesses like yours can stay safe in the cloud.
6 Ways Your Company Can Stay Secure While Using Cloud Technologies
1. Invest in Cyber Security Training
Cybersecurity controls like firewalls, antivirus software, and intrusion prevention systems are becoming harder to hack by the day. Cybercriminals are therefore moving en masse to a much easier “win” – using psychological tricks to convince a target company’s employees to do their bidding.
When done by email, this is called “phishing”, and hackers use it to gain access to sensitive data, steal cloud login credentials, and spread malware.
Business-critical login credentials like Office 365 and G Suite are a particular target for criminals. A convincing enough phishing email could result in a member of staff sharing their Office 365 username and password. And as simple as that, the hacker now has an entry point into crucial cloud resources and data – possibly even on-premises networked resources too. It’s scary stuff.
Though security systems can filter out some phishing messages, company-wide cyber-awareness training should always be considered your first line of defence. Good cybersecurity awareness training should cover much more than just phishing, but it’s a particularly important trend to be aware of.
2. User Authentication & Access Control
Training can be a great investment, but it is far from a watertight solution. If somebody does let their guard down following a phishing email and shares their cloud login credentials, what happens then?
Well, if you’re using Multi-Factor Authentication (MFA) tools to protect that login, there’s no need to panic. Rather than purely relying on a username and password in order to log in, MFA tools (like WatchGuard AuthPoint) require users to fulfil additional authorisation steps before access is granted.
Therefore, if a username and password does become compromised, unauthorised parties would still be unable to log in without that person’s unique authentication factor(s).
Additionally, cloud security tools like SonicWall’s Cloud App Security (CAS) help to monitor your company’s public cloud activity and automatically uphold your security policies, preventing account takeovers and suspicious access requests.
3. Keeping Data Secure “At Rest”
If data is just being stored, ready to be accessed and not travelling anywhere, it’s referred to as “at rest”.
Even when your data storage is protected behind usernames, passwords, and MFA tools, it may not be totally secure in the cloud. Poorly configured cloud storage repositories like Amazon AWS and Microsoft Azure can easily be left misconfigured, leaving their data as good as public if a hacker were to know where to look.
There are countless horror stories online of misconfigured cloud storage leading to worrying data breaches. Researchers have discovered numerous “leaky” storage spaces in recent years, including sensitive customer service records, user information from dating sites, and even prison inmate records. It doesn’t bear thinking about what could have happened had a criminal got to that data first.
Thankfully Amazon have recently released a “block public access” option in AWS that should go some way to stem the problem. But providers are far from perfect – Microsoft recently closed a bug in Azure that would have given hackers unbridled access to an organisation’s cloud services.
Encrypting your data at rest adds another layer of security, though not all cloud platforms encrypt your data – at least not by default. Both Office 365 and G Suite appear to automatically encrypt user data at rest, but AWS merely leaves server-side encryption as an optional toggle. Carefully check your provider’s small print to check whether your data is (or can be) encrypted.
It’s also worth mentioning that data held in the cloud isn’t automatically safe from malware either. Solutions like SonicWall CAS provide advanced malware protection, sandboxing, and cloud email security.
4. Data Security In Transit
As opposed to data at rest, data “in transit” is data en route to its destination.
Though infiltrating data at rest can provide a much richer harvest, some opportunistic hackers will try to snoop in on data while it’s on the move. The metaphorical “hacker in a coffee shop” listening in on the sensitive Wi-Fi communications going on around them is an example of exfiltrating data in transit.
Thankfully, in-transit encryption is now fairly commonplace. Most websites now use secure, encrypted HTTPS connections by default, putting a spanner in the works for any would-be data-snoopers. If they try to listen in, the data will all be strongly encrypted.
But even stronger off-network snooping protection can be achieved by using a remote access VPN to connect to both on-premises network resources and to company cloud resources. This creates a secure, encrypted tunnel between your device and the servers in question.
Refer to your individual cloud provider to see if your data is encrypted in transit. If your connection to the cloud platform relies on an HTTPS connection through a web browser then that already provides fairly robust in-transit encryption, but more encryption is always better!
5. Disaster Continuity/Recovery Planning
Just as you would make business continuity plans around your business’s physical assets (e.g., “what to do if a flood impacts our office or factory floor” or “what to do if someone breaks in and steals equipment”) you should also make plans for the worst when it comes to your cloud resources too.
Think “what’s the worst that could happen?” and make plans for those eventualities.
What would you do if Azure, AWS, or Dropbox got hacked in such a way that deleted your data or otherwise cut off your access to it? What would you do if someone stole or leaked that data? What if a piece of ransomware raced through your network and ended up encrypting a synchronised cloud data store? Even with the most stringent cybersecurity systems in place, you should still establish a plan of action should the worst happen.
Sadly, there are no disaster planning quick fixes that we can advise here; problems and solutions will vary wildly from company to company. But if you’re worried about data loss, then regular, secure backups are the answer.
They’re not going to solve regulatory scrutiny in case of a breach or solve the underlying problems that led to the data loss, but they can help get you back up and running if an attack deletes your data, encrypts a server, or scrambles access credentials.
6. Security Monitoring & Automation
Being able to monitor and secure your entire cloud landscape, in real time, from a single digital vantage point is absolutely essential. Otherwise, how would you ensure that files coming into your corner of the cloud are scanned for malware and quarantined if they pose a threat?
How would you know if a hacker was trying to force entry into your cloud resources using automated password spraying? How would you be able to ensure that sensitive cloud resources aren’t being accessed in another country or using unexpected devices?
These are just a few examples, but there’s no real way of achieving this kind of overarching, infrastructure-wide, “single pane of glass” visibility without investing in cloud security tools. The right cloud security platform should – at the very least – check incoming and uploaded files for malware; maintain logs of file uploads and changes; record all login attempts (and flag failed or suspicious attempts); and generally let you know who’s logged in to what, where, how, and when.
SonicWall CAS does all of this and much more. CAS provides in-depth usage reporting, both historically and in real time, and can spot suspicious activity like phishing attempts, impersonation attacks, and suspicious cloud-to-cloud connections. It also features robust data loss prevention (DLP) and security policy controls, all accessible from an intuitive dashboard.
Cyber incidents can unfold in mere moments, making it impossible for humans to react in time. With this in mind, security automation tools are becoming increasingly invaluable due to their ability to immediately and independently respond to threats. CAS uses AI to identify compromised or impersonated accounts within your organisation and automates breach prevention capabilities across a plethora of SaaS platforms.
Worried about your cloud security? SonicWall’s Cloud App Security (CAS) provides next-generation cybersecurity for numerous SaaS applications, including Office 365, G Suite and more. CAS provides reliable breach prevention, malware protection, email security, policy control, and usage visibility. Secure your corner of the cloud today with CAS.
Remember we’re always here for a spot of free advice and to help minimise your network security worries wherever possible. Just call us on 0808 1644414 or drop us a line to request a call back.