Like Stranger Things and avocado toast, some huge trends are worth the hype. The cloud is one of them. If it feels like everybody’s moving to the cloud these days, it’s because they are.
It’s predicted that by the end of 2022, more than 90% of enterprises around the world will use the cloud. Gartner predicted that global spending on public cloud services for end-users would grow to a total of $494.7 billion, with spending expected to reach $600 billion in 2023.
This mass migration has a lot of perks: it saves companies a lot of money, and it allows them to easily provide data to their users and customers at much higher speeds around the clock. The cloud is much more easily scalable, can service global networks, and can help your organization expand beyond its home borders as and when circumstances demand. Cloud networks also tend to have a higher fault tolerance, ensuring that when things do go wrong, most users will still be able to access the network.
For all the benefits we extol, it begs the question: is storing your company data in the cloud actually safe?
The short answer is not always. The slightly longer answer is not always, but it can be.
Where trends go, attackers will follow. The cloud is no exception. The porous, flexible and accessible nature of the cloud presents new problems and risks that need to be considered before an organization takes the plunge. Wherever we advance in cloud security, attackers will match us, measure for measure. Just like legacy cybersecurity, cloud security needs to be intuitive, evasive, and adaptive.
Securing data in the cloud still follows the same principles as securing data that resides on-premises. This article will dive into what cloud data is, what some of the biggest threats to cloud data are, and how you as a business can combat these threats.
Why Securing Data In The Cloud Is Important
What Are The Biggest Threats To Cloud Data?
The cloud hinges on the ability to readily share data as and when it is needed. While it makes day-to-day life easier, it also makes the exfiltration of data much easier. Link sharing–a vital component when it comes to sharing important documents that need collaboration at work–is a common problem within this category.
Some of the biggest threats to cloud data include:
- Compromised user accounts: Attackers can gain control of a user’s credentials to gain unauthorized access to a network. While this is a problem in and of itself, it can escalate and spiral from there. When a threat actor commandeers a user’s credentials, they can do a significant amount of damage by accessing and changing things within that user’s accounts. They can steal data or launch attacks–both of which can be more successful if the user in question has more access and privileges than they actually need. If attackers can’t access certain areas of the network or hack their prime target account, they can use the initial compromised set of credentials to move laterally within the network and acquire more and more access as they go along.
- Data loss and leakage: It comes as no surprise that the biggest threat to your data is your data actually leaving your network without authorization.
- External sharing of internal files: Link-sharing has made our working lives easier when it comes to collaborating on documents and files, but these links can be sent to users outside of the network, they can be stolen, or they can be acquired during a cyberattack, giving anyone–but especially attackers–access to and control of a file. Link-sharing can be difficult to manage, as often you can’t revoke access from specific individuals.
- Insecure interfaces/APIs and misconfiguration: Having misconfigured security settings on your cloud services and data stores can create weak points that can be leveraged by attackers. Insecure interfaces and APIs can also be used by attackers to find methods for accessing and stealing data from a company’s cloud.
- Lack of visibility into your cloud network: Company cloud platforms tend to operate outside of traditional networks, so visibility into these platforms can be seriously reduced, leaving more places for attackers to hide.
- Cyberattacks: Cyberattacks, especially ransomware attacks, pose a huge threat to your cloud data. Cloud environments can be accessed via the internet, so making sure these connections are secured and blocking any malicious attempts to gain access is crucial. Ransomware attacks can seize data, encrypting it before the attackers offer the decryption key for companies to get their data back. Other forms of attack can result in the loss or theft of cloud data, or in breaches and leaks. DDoS attacks can severely hinder network activity and result in downtime, meaning that users won’t be able to access the data they need. Supply chain attacks are also a frequent issue for cloud networks. In a supply chain attack, attackers use a trusted third party’s software or services to instigate further attacks on clients belonging to that third party.
How To Keep Your Data In The Cloud Secure
If you’re considering moving your company data or critical business applications such as email to the cloud, there are a number of steps you need to take to ensure that data is protected. This is critical: data loss can cause financial loss to your organization, damage to your brand reputation, or fines if you breach compliance with data protection regulations.
Cloud environments are a lot different to on-prem environments, and traditional security tools and protocols aren’t always suitable for cloud environments. While in the past, security tools had the office front door as a clear security perimeter, in today’s world of hybrid and remote workforces, things are much murkier.
In this new environment, many new factors need to be considered, such as how remote, hybrid, and casual users of the network all pose a serious risk to the security of your cloud data. Your whole security architecture needs to be reconfigured, but the core basic principles remain.
Securing Identities And Managing Access
Unauthorized access poses one of the biggest risks to your company and your data; it’s unauthorized access which allows attackers to move laterally within a network once they have managed to compromise a single account, leak and exfiltrate data, and install malware or ransomware for follow-up attacks. Introducing policies and tools that manage user permissions, access, and accounts ensures that admins stay in control of who is accessing their cloud network and data–and when.
Identity and access management (IAM) solutions are a handy tool for doing exactly that. They blend authentication, authorization, user management, and central user repositories to create a pervasive and adaptive solution that manages users and their identities.
Features for IAM usually include:
- Single Sign-On (SSO): This enables users to use one set of credentials at the start of a session before being logged in automatically to every application they use during a session.
- Multi-Factor Authentication: This adds an extra layer of authentication for users logging in, requiring them to reconfirm their identity.
- Risk-based authentication: This feature assesses the risk profile of users when requesting access to certain data or applications.
- Identity Governance: This manages the lifecycle of a user’s account.
- Identity Analytics: This feature uses machine learning to understand user behavior and detect anomalies.
Other features include directory services, access management, identity governance and administration features, and more to make sure data stays protected within the cloud.
Creating BYOD Security Policies
One of the biggest and perhaps newer threats to the cloud, and to the data in that cloud, is the rise of BYOD (bring your own device). This is where employees use their own personal devices for work, which is increasingly common in the post-COVID work-from-home normal. These devices are less secure than company devices, as there is no oversight of installed applications or of the security in place, which can put connected company accounts at risk.
Implementing multi-factor authentication (or indeed two-factor authentication) helps guard against instances where attackers do manage to get a hold of your users’ credentials.
Incorporating a password manager into your endpoint security architecture is also an excellent move. Password managers essentially act as an encrypted vault that saves your passwords and automatically supplies your credentials when you need to log in to an application.
You just need to enter a set of credentials when you log in at the start of a session (your username or email and your master password) which will automatically log you in to every app saved to your encrypted vault.
Password managers are fantastic for reducing password fatigue, which in turn leads to users having poor password hygiene. Poor password hygiene is essentially the phenomenon of users having weak, easy-to-guess passwords or reusing passwords, because with the number of applications and credentials needed in both work and personal life, creating unpredictable, unique passwords for every app is a big ask.
Beyond this, having an endpoint security solution for employee devices would also be beneficial in this regard.
Backup And Recovery
Having a backup of the data you’ve secured in the cloud is key to keeping your business online and mitigating the impact of a serious breach or attack on your network. Backup solutions essentially store copies of your data and applications on a separate server that is isolated from the rest of your network. In the event of an attack (particularly ransomware attacks)
Flexible, robust cloud data backups allow organizations to immediately access data if their servers become compromised, as well as helping with rapid recovery so you can get your business back online within a short time frame.
A company’s backup and recovery protocols are defined by the Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
- RTO is the maximum length of time an organization sets for bringing servers back online and restoring data after an attack.
- RPO, conversely, is the set amount of data an organization would find it acceptable to lose in the event of an attack. This will usually be marked by a length of time which is punctuated by a backup to a storage center. If the RPO is set to 24 hours, once those 24 hours pass, all data accrued within that time frame will be saved. If there is a breach and subsequent data loss or ransomware attack in that period–and before the 24 hours pass–everything in that timeframe will be lost. RPOs can be configured to what a company deems necessary and can even be as short as 60 minutes.
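As an added example (not part of the original article), the Python below checks a backup job log against an RPO and RTO, and shows how a single failed backup silently widens the data loss window beyond the RPO. The log format, timestamps, and function names are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample backup job log (not from a real system):
# (completion time, job status)
BACKUP_LOG = [
    ("2023-03-01 02:00", "ok"),
    ("2023-03-02 02:00", "ok"),
    ("2023-03-03 02:00", "failed"),  # failed job: no usable recovery point
    ("2023-03-04 02:00", "ok"),
    ("2023-03-05 02:00", "ok"),
]


def recovery_points(log):
    """Sorted completion times of the backups that can actually be restored."""
    return sorted(datetime.strptime(ts, FMT) for ts, status in log if status == "ok")


def data_loss_window(log, incident):
    """Time between the last restorable backup and the incident.

    Everything written in this window is lost. Returns None when no
    restorable backup exists before the incident.
    """
    earlier = [p for p in recovery_points(log) if p <= incident]
    return incident - earlier[-1] if earlier else None


def rpo_gaps(log, rpo):
    """Intervals between consecutive restorable backups that exceed the RPO."""
    points = recovery_points(log)
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > rpo]


def within_rto(incident, restored, rto):
    """True when service was restored within the RTO."""
    return restored - incident <= rto


if __name__ == "__main__":
    rpo = timedelta(hours=24)
    rto = timedelta(hours=4)
    incident = datetime(2023, 3, 3, 20, 0)

    lost = data_loss_window(BACKUP_LOG, incident)
    print("data lost:", lost, "| RPO met:", lost is not None and lost <= rpo)
    for a, b in rpo_gaps(BACKUP_LOG, rpo):
        print(f"RPO gap: no restorable backup between {a} and {b}")
    print("RTO met:", within_rto(incident, datetime(2023, 3, 3, 23, 30), rto))
```

With the constructed log, an incident on the evening of the failed backup loses 42 hours of data against a 24-hour RPO, which is why backup job failures need alerting rather than only a schedule.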
Like most tools, cloud backup solutions aren’t a silver bullet. Just like most cybersecurity and network products, they need to be properly maintained on a regular basis. Maintenance and testing ought to be carried out frequently to make sure there are no vulnerabilities, the solution is configured correctly, and there haven’t been any breaches your team is unaware of.
Implement Virtual Firewalls
Cloud-native or cloud-friendly firewalls can be implemented throughout your network–no matter how ill-defined your network perimeter may actually be. Unstable or insecure Wi-Fi connections that users rely on to reach your network, guest devices, and the numerous BYOD devices that employees connect all pose problems, as they’re all connections that can be taken advantage of by threat actors.
Cloud firewalls operate just like regular firewalls do–by filtering out malicious network traffic, working on a preset block list. This block list can refer to a preconfigured list set by admins and/or refer to shared lists from other organizations. Firewalls have traditionally acted as barriers between a network and the internet, but with the rise in popularity of cloud computing, the network perimeter has gotten more flexible, more porous, and arguably fuzzier over the years–making cloud firewalls all the more important.
The benefits of cloud firewalls are numerous, and pretty much no organization can do without one. They block malicious traffic (which also includes a wide range of threats and attacks), they can. By nature of being cloud-native, these firewalls are often highly scalable and can be integrated with existing networks (regardless of whether they’re on-prem, SaaS, cloud, etc.).
Some firewalls are even capable of preventing certain information and sensitive data from actually leaving your network.
Cloud Data Loss Prevention
Data loss prevention (DLP) is the part of a company’s cybersecurity strategy that keeps data inside the company network. It categorizes, sorts, and prioritizes data. It keeps data safe from attacks, inside threats and malicious internal actors, and breaches–accidental or otherwise. DLP is also used to achieve data visibility, secure remote workforces and BYOD environments, secure data in cloud systems, and more.
DLP secures data when it is in motion and at rest, secures endpoints, and performs data identification and data leak detection.
More a set of strategies, tools, and protocols than one particular thing, DLP has a range of functions it performs. It tags documents, detects anomalies, delivers investigation and response capabilities, alerts admins to data misuse, can shield data from malware and ransomware in the event of an attack, provides data filtering and classification, and much more.
Keeping Your Data
Data that stays in the network for a long time needs to be appropriately managed—it either ends up deleted, in archives, or in storage centers. Here’s an explanation of each.
Cloud Storage
What is cloud storage? As the name might imply, cloud storage is storage for data in the cloud.
How cloud storage works tends to vary depending on the actual type of storage “container”. There are three types: object, block, and file. Object storage stores data as “objects”, each of which has three main parts: the actual data stored in-file, associated metadata, and a single identifier which is unique to that object. It is then stored in a drive. Block storage breaks up large amounts of data into smaller amounts which are referred to as blocks. Again, each block is assigned a unique identifier before being stored on a drive. And lastly, file storage stores data in the storage containers through a system of files and folders. Much like the folders used to store your own files, the files go into folders, and then the folders may go into other folders, all labeled and dated accordingly. File and block storage are often a lot easier to search.
If you can’t (or simply don’t want to) manage your own cloud data, you can outsource the actual management, protection, backing up, and general hold of your cloud data to a cloud storage service, to be made accessible to users as and when it is needed. These services are commonly offered at a monthly rate, based on the amount of data stored.
A lot of organizations, though, opt to keep stock of and manage their own cloud data. In these instances, organizations need to implement and maintain best practices to make sure cloud data stays protected.
There are three options when it comes to cloud storage: private, public, and hybrid.
- Public: Public cloud storage services offer flexible storage that stores customer data in the storage service provider’s data centers, with the potential for this data to be spread across or concentrated in the network.
- Private: Private versions are situated in-house and protected via a firewall. Private cloud storage units still allow for easy and immediate access of data. They’re a suitable option for organizations that need flexible, scalable storage but have to work within tight data security regulations and requirements.
- Hybrid: A mix of the two listed above, hybrid cloud environments have specific management software that can integrate both the public and private platforms. Hybrid environments usually consist of an established connection between an on-prem data center and a public cloud. The connection can also incorporate other cloud environments and edge devices.
Data Archiving
Some data can’t be deleted, however, and needs to be kept on file for whenever it may be needed in the future. This is especially important in the healthcare industry, where organizations frequently need to pull up patient records that are decades old, and wherever regulations require certain industries to keep data on file for a while (e.g., banking). The answer here is cloud archives.
Cloud archives are built for long-term data retention, usually to free up storage space, though there are other reasons too. They keep the data “on file” yet no longer in-house, in separate, encrypted, yet easily accessible storage to be accessed as and when needed. This differs from cloud backups, in which data is regularly copied and updated. In a cloud archive, the data is off-site and remains unchanged after it leaves the site and resides at its final resting place in the archive–particularly important should a legal case arise and original, untampered data be needed as part of the case.
Most archives usually reside within a public cloud, but archives in hybrid environments are also possible. The latter is often seen in industries where the data needs to be accessed fairly frequently and quickly. The more important, less frequently accessed data will usually be archived off-site. All of this will be encrypted, ensuring the security of your data.
Cloud archiving has a lot of benefits: it helps reduce the amount of data stored on-site that takes up valuable space, it is more cost effective, it can be a safe and durable location to store old data, and it helps your organization stay compliant with data regulation policies. Larger organizations frequently take care of cloud archiving tools themselves, although smaller organizations may stand to benefit from outsourcing this to a third-party provider.
Data Sanitization
The cyber world revolves around data, and data accumulates. Eventually, it gets to the point where companies have more data than they know what to do with, or it’s too sensitive to be able to hang on to without
It’s also, quite simply, more to consider in data security strategies, and in the event of a data breach, attackers gain access to a vast amount of sensitive data that they can exploit. This is where data sanitization comes in.
As the name might imply, data sanitization is essentially “sanitizing” your networks of specific data–i.e. deleting data from your devices, servers, and records permanently. While it might seem antithetical to securing your data in the cloud, data sanitization is actually part and parcel of a lot of industry regulations and standards. It’s particularly important in certain industries that deal with sensitive data. Usually these industries will have a time limit on how long data can be retained on record within a company. Once that retention period is over, companies are legally obligated to cleanse their records of the data, whether because it’s no longer needed or because it’s old, which limits the amount of sensitive information that can be accessed in a data breach.
For companies that operate on-prem, data sanitization normally works by the organization archiving or deleting the relevant records. More often than not, companies will need to acquire a certificate confirming the sanitization of the records so that if an IT audit of the organization is performed, the company can easily confirm they’ve handled the data appropriately.
For companies that operate in the cloud, it works a little differently. If you already have your data stored in cloud storage centers, then the vendor you’re contracted with is obligated to destroy this data for you. This is especially important because if the vendor is breached, they hold vast amounts of data that can be compromised.
Summary
New environments are always going to present attackers with new ways to get a hold of the most precious thing a business has–its data. By nature, the cloud isn’t technically that secure a place for your data to be, but by taking the right steps, implementing best practices, and continuing to test your perimeters, servers, and storage units, you can help safeguard your data from threat actors.
Steadfastly archiving your less-used data and storing the frequently used, managing access and control of your users, implementing robust cloud firewalls, and having a strong backup solution in case things go wrong are all vital steps to make sure your data stays where it’s supposed to be.