Cloud Security: Risks and Countermeasures
Blog / Cloud Security: Risks and Countermeasures
3 MIN READ
Insufficient Access management
Access management is a common security risk in cloud computing. An access point is a key to everything and that’s why hackers continuously target them, especially using brute force attacks. However there are ways to handle the issue, here are a few ideas:
- Multi-Factor Authentication: This is a critical component of the users side. It adds an extra layer of protection because in addition to a regular password, the user gets a disposable key on a private device. The user will be sent a notification if someone attempts to break into their account
- Distinct Layout: Access management can be different for different people. With a specific layout you can determine the availability of different information for different users. For example the marketing department doesn’t need access to the security departments protocols and vice versa
Data Breaches
If a data breach occurs that usually means the information was extracted without authorisation and the likelihood is that the stolen information is being held for ransom or being sold on the black market. Sometimes hackers will also leak information online for public viewing but most likely they’ll be looking for financial gain.
Information in cloud storage is under multiple layers of protection. It can't be accessed through hacking under normal circumstances. However, it is available from devices and accounts that hold cryptographic keys. In layman's terms, a hacker can get in if they know someone who has access to it.
There are several ways to stop a data breach from happening; here are some practices to try:
- Perimeter Firewall: A perimeter firewall between a public and private network will monitor and control incoming and outgoing traffic in the system
- Data-at-Rest Encryption: Data as rest is the encryption of data that is stored in databases and is not moving through networks
- Multi-Factor Authentication: Once again multi-factor authentication is a certifiable form of protection. Having a user present more than just evidence of identity and credentials, such as a randomly generated one use code that is received upon entering a password, has become increasingly common nowadays and is often one of the cloud security standards
Reduced Visibility and Control over Data
When using a cloud provider you may not have a clear idea of where and how your data is stored or who can access it. For example your software as a service provider (SaaS) may rely on a third party to host your data, leading to an obscure chain of command that further reduces your control.
This lack of visibility diminishes your ability to establish clear rules regarding the collection of your data and who’s accountable for protecting it. Inadequate data governance can result in noncompliance with GDPR standards and result in penalties for your organisation.
To ensure that your data is in trusted hands consider the following:
- Choosing your Provider Wisely: Make sure that security experts working for the cloud provider you choose handle regulatory compliance and that they are staying up-to-date on the latest rules and regulations that could affect your data
- Storage Location: When choosing a cloud service provider, make sure you know exactly where they plan on storing your data. If a vendor stores your data in another country, that country’s laws might affect who can access your information and how it can be controlled
Permanent Data Deletion is Challenging
Deleting a file stored in the cloud doesn’t necessarily mean no copy or instance of that file exists elsewhere. Cloud providers regularly copy your data to multiple backup centres to ensure uninterrupted service. When you delete a file, your vendor marks it as “deleted” but doesn’t remove it from the server immediately. You have to request permanent deletion to remove all traces of a file however even after that’s done you can never be sure it’s completely erased.
What to ask your Cloud Provider:
- Be sure to ask if they have provisions in place to delete backup data completely when requested
- Ask how your data will be backed up and where the backups will be stored
- Make sure you know what will happen to your data when you terminate the cloud service
How can Securiwiser help your Organisation?
Securiwiser will routinely monitor your website, network and devices for twenty-four hours a day to ensure that no suspicious activity is happening. You can have peace of mind that should any unusual activity be detected you will be notified immediately and a report detailing the findings of the scan will be sent to you. You will get advice on how to remedy the situation yourself if possible or who to contact to fix the immediate problem. You will also get grades based on how well each aspect of your security is functioning, so you will always know what needs attention and where your security needs tightening.
How secure is
your school?
Blog categories
How secure is
your school?