In August of 2016, Dropbox announced that more than 60 million of its users’ logins and passwords had been spread across the internet after – they believe – the information was stolen in a data breach from 2012.
Just last February, a team of cryptocurrency researchers revealed that hackers had broken into Tesla’s Amazon cloud account, using it to mine Bitcoin.
And last year, Microsoft revealed in a blog post that their cloud security detects more than 1.5 million hack attempts every single day.
So yeah, it’s important to take your cloud security seriously.
But it doesn’t mean you should shy away from cloud solutions altogether.
Despite these security risks, cloud computing solutions only continue to grow.
The big three among them share millions of users, from individual users to multinational corporations like Tesla, and everyone in between.
In this first of a two-part series, we’ll talk about some of the risks inherent in cloud computing and how you can mitigate them.
When it comes to data transfer over the internet, there are always risks.
However, cloud computing comes with its own inherent risks.
Here are some of the most common risks associated with cloud computing.
1. Malware infection.
A cloud computing solution can serve as a convenient backup for your files.
Many services will offer to automatically back up your files for you, ensuring that what you have on your server is the most recent version.
So, if you arrive at your desk in the morning only to find you’ve been slammed with a ransomware attack like WannaCry or NotPetya that has locked every file on your computer, you might be relieved to think that you have a safe backup of all your files.
But here’s the thing: if your cloud storage is backing up your files automatically, it may have replaced your uninfected files with infected versions.
So not only are the files on your computer locked out, so are the backed-up versions.
Solution: The 3-2-1 Backup Rule
The 3-2-1 backup rule is a common idea in the world of data security.
But surprisingly, it wasn’t invented by an IT security specialist. In fact, it was created by a professional photographer who wanted to find a way to preserve his work as safely and simply as possible.
The 3-2-1 backup rule is simple.
Have THREE copies of your data.
Keep those copies on TWO different media.
Make sure ONE of those copies is stored in a separate location from the other two.
So, if you only have the active files you’re using and your cloud backup, you’re missing a piece of the puzzle.
Your cloud can be your off-site data backup, but you ought to have another backup solution as well.
If you’re hit with a ransomware attack, you’ll be happy you had that third backup.
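The failure mode and the rule above, as an added example that is not from the original article: three constructed copies of two sample files are built in a temporary directory, the working copy and the auto-synced cloud copy are overwritten, and each copy is checked against a SHA-256 manifest recorded while the files were clean. The directory names, the file contents and the practice of keeping a manifest with the offline copy are assumptions made for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def intact_copies(known_good: dict, copies: dict) -> dict:
    """A copy is restorable only if every known-good file is present and unchanged."""
    result = {}
    for name, root in copies.items():
        current = manifest(root)
        result[name] = all(current.get(rel) == digest
                           for rel, digest in known_good.items())
    return result


def demo() -> dict:
    """Build three constructed copies, simulate the incident, verify each copy."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        # Hypothetical layout: live files, an auto-synced cloud folder, an offline disk.
        copies = {n: base / n for n in ("working", "cloud_sync", "offline_disk")}
        files = {"invoice.txt": b"Q3 invoice", "notes/plan.txt": b"migration plan"}
        for root in copies.values():
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        # Manifest recorded while the files were clean (assumed stored offline).
        known_good = manifest(copies["working"])
        # Constructed incident: working files are overwritten with stand-in bytes,
        # and automatic sync mirrors the same overwrite into the cloud copy.
        for rel in files:
            for name in ("working", "cloud_sync"):
                (copies[name] / rel).write_bytes(b"\x00locked\x00" + rel.encode())
        return intact_copies(known_good, copies)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:13} {'restorable' if ok else 'overwritten'}")
```

Only the copy that automatic sync could not reach still matches the manifest, which is the role the third backup plays in the rule.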
2. Violation of regulations.
If your industry or business falls under the jurisdiction of certain regulations, uploading your files to your cloud may cause you some legal headaches.
For example, most healthcare practitioners are bound by rules of doctor-patient confidentiality.
Unless required by court summons, you aren’t permitted to grant someone else access to your patient’s records without their consent.
So, what happens if you upload your patients’ records to your cloud storage?
Who has access to them? Is this a breach of your regulations?
Here’s another issue – where is your cloud storage located?
And is the content you’re uploading even legal in that jurisdiction?
Businesses can be tempted to take their operations overseas in search of a lower bottom line.
But it’s important to be aware of the laws of such jurisdictions.
To illustrate a point, homosexuality is still a criminal offense in 71 different countries, so any business that serves LGBTQ+ individuals – including doctors and hospitals who serve their health needs – may potentially have their data at risk if their facilities are located in any of these 71 countries.
So if you’re an American company doing business with a cloud storage provider from Morocco that owns facilities in India, whose laws apply to your data?
The answer to that depends on the laws of that locality.
Solution: Know Where Your Data Is Stored And Who Can Access It
By controlling who can access your cloud storage, you can stay on the right side of any confidentiality regulations.
After all, your IT manager shouldn’t know about your client’s bunions.
The same goes for lawyers or any business bound by a non-disclosure agreement.
Some NDAs, for example, will bar you from using cloud storage to store your client’s data.
If you rely heavily on cloud storage, it helps to include a clause in your NDA stating that cloud storage is permitted.
But it’s also important to know where your data is being stored.
Here at Skybox Cloud, for example, all our servers are located here in the United States.
What that means is that if you’re an American business, we’re likely already compliant with your needs.
For example, HIPAA – the Health Insurance Portability and Accountability Act.
It lays out, among many other things, the requirements for any cloud storage solution that works in the healthcare industry. Skybox Cloud is HIPAA compliant.
And the PCI DSS – the Payment Card Industry Data Security Standard.
This is a regulation created by the big five credit card companies, and is a prerequisite for any business that accepts credit card payments and processes credit card information. Skybox Cloud is PCI DSS compliant as well.
It’s important to note that public cloud services are often NOT HIPAA compliant, and using them can leave you at risk of a violation and some hefty fines.
3. Human error.
The surprising truth when it comes to data security is that data breaches aren’t coming from some elite hacker poring through line after line of code.
Genuine software weaknesses do happen, but you would think that by the time a piece of software hits the market it has generally been well tested.
You would also assume that once a weakness is found, it is usually patched quickly.
You would be surprised.
Most hacks happen because of someone making a mistake at some point along the way.
This could be anything from a misconfigured network to a phishing scam to somebody sneaking into your office and accessing your files when you step out for a coffee break.
Machines aren’t as smart as humans and aren’t capable of abstract thought, but at the same time we humans are much easier to dupe.
Solution: Train Your Staff
Make sure anyone who accesses your cloud is well versed in the basics of IT security.
This means developing an employee awareness program to help everyone understand things like:
- How to choose a good password
- How to recognize a phishing scam or other social engineering tricks
- How to keep your PC secure
- How to stay secure when working from home or traveling
- The risks of social networks or IM systems
- Data encryption and destruction
- And more
IT security is not just up to your IT department to worry about.
They need to be ready for technical attacks, like a DDoS, web exploits or a ransomware attack.
But the rest of your staff need to be prepared too.
Contact Skybox Cloud
If the above ideas have you a little frightened, you’re not alone.
Let’s face it – the internet can be a scary place, and data security is more important now than ever.
With so many cyberattacks and other risks afoot, you need a cloud computing solution that will take your data security seriously, is compliant with your industry’s regulations, and can grow with you.
Contact Skybox Cloud today.
Together, we’ll explore your needs and put together a hybrid cloud computing solution that works best for you.
Go ahead, contact Skybox Cloud today, and keep your data and your business secure.