Cloud computing used to be a buzzword thrown around by large enterprises with a reputation for being on the frontier of innovation. Now, it’s something seeping into the realm of small businesses. Moving to the cloud requires a lot of preparation. What’s our budget? How will this affect workflows? One aspect that can’t be overlooked is how your business will enforce cloud security. In recent years, cybercrime has gone from being a noteworthy problem to an epidemic. McAfee’s report, “Economic Impact of Cybercrime -- No Slowing Down,” asserts that there was a worldwide cybercrime cost of between $445 and $608 billion in 2017.
Interestingly, cloud security breaches are typically not the fault of the cloud provider, but of the customer. According to Gartner, “through 2022, at least 95% of cloud security failures will be the customer’s fault.” When looking for a provider, many companies place their efforts on finding a secure system, rather than examining their policies and standards for implementing this system. A lack of care on this end is the real culprit for breaches. Because the cloud is fairly new, so are the mechanisms to keep it secure. The first step is to identify holes in your security plan.
Find Your Weak Spots:
Malware and the Cloud:
Hackers are inventing new avenues for attacks more quickly than companies are catching up to these new ways to attack. One of these avenues is to disguise malware attacks as the normal everyday use of cloud-based applications. The second an employee opens this infected application, you expose your company to a security breach without any obvious sign that this is what you’re doing.
Business continues as normal for weeks -- or even months -- before the infestation becomes obvious. By then, the damage has been done. The question becomes “how do we recover?” And the answer to this question is typically quite costly.
As technology has advanced, the complexity passwords require has increased. “Why does this password need to include an uppercase letter, number, punctuation, and not contain a word that can be found in the dictionary?” These requirements seem over the top, but these added layers of complexity are actually crucial in the fight against data breaches.
A software engineer at Google made their password, “muffins.” We know this because of a password dump -- “when a website’s security has been exposed and the contents of the website are dumped on the web.” Through the same means, we know that an editor at TIME made their password “Indiana” and a journalist at Yahoo! Made their password “abc123.” The importance of a stringent password protocol cannot be underestimated.
In addition to password strength -- scalable identity management systems, multifactor authentication, ongoing automated rotation of cryptographic keys are all factors in keeping your cloud safe.
When using cryptographic keys, it’s important that they are maintained in a secure way. For example, you should not embed them in source code. Secure these keys by keeping them in a well-secured public key infrastructure (PKI).
Multi-factor authentication is also key for keeping your cloud secure. Think about all the steps it takes to log into your bank account. Whenever you attempt to access this information from a new device, it’s common to be asked security questions or input a verification code sent to your phone. These things feel like a hassle, but are essential for keeping you and your company secure from attacks on the cloud.
A malicious insider is anyone within your company that poses a purposeful threat to your company’s cybersecurity. This could be anyone from an administrator, to a contractor, or even an old employee who has current logins. In fact, 13% of small businesses who have experienced an attack peg a malicious insider as the culprit.
It’s vital to ensure that only people within your workplace have access to records and platforms that they absolutely need -- especially in the advent of cloud-based companies where systems are so interconnected.
The Bottom Line:
Clearly, cloud security is less about what technology you implement and more about how you implement it. By identifying potential security holes, you can patch them up before they become a magnet for cyber predators. It’s important to partner with an expert IT provider to ensure you don’t fall victim to a costly security breach. If you’re ready to partner with someone who understands the ins and outs of cloud security, contact us today. If you want to stay up to date on all the latest cyber trends, subscribe to our blog.