With all of the buzz around moving your business data and applications to the cloud, not many people ever question what type of data is being stored there. But cyber criminals do question it, and they are very happy. This new data from the recent Blackhat conference shocked me.
While "the cloud" can offer you incredible convenience in accessing your data, offloading the burden, and leveraging the storage and computing power of these platforms can have its perks, however, more often than not it opens up a plethora of issues.
What is in "The Cloud"
According to new data, 18.1% of all data in the cloud contains sensitive data and can be considered confidential or private. This data includes:
- Payment Data
- Password Protected Files
- Health Data
- Personal Data
- Personal Identifiable Information
Additionally, 75% of all cloud accounts are not properly secured. The reason is, when companies make the move to leverage the cloud, they often don't think about the security. Most of these providers keep the liability on the business when it comes to protecting this information. But on the flip side, most companies who move to the cloud assume the provider is handling the security. Ah, the details in that terms of service agreement.
Adding Security to the Cloud
You are responsible for any organizational data stored with a third party company. You need to take proper steps to secure this information. Stop listening to technology experts suggesting you leverage these hosted providers to move your business to the next level. They are not concerned with security. You need the advice of a cyber security firm.
If you have made the move, or are considering one, here are some things you need to do to lock down these cloud services:
- Get a Cloud Firewall - This is just like your in-house firewall but runs on a virtual level to secure your services and servers.
- Use MFA - Using multi-factor authentication is a huge step you can tale to secure access to cloud data. Further using MFA to secure email and web based access for your users is necessary. Do not fall victim to cloud attacks such a the Persistent Login Attack becoming so prevalent.
- Secure Yoru Service Accounts - These are the accounts used to synchronize data between your physical office and your hosted services. These accounts often have elevated privileges and provide access to a lot of information.
- Use a VPN - You should be using a hardened VPN tunnel to secure all connections and communications to the hosted provider. Do not overlook this critical step. This should be easy if you are using a cloud firewall.
Remember, cloud is just another term to refer to the internet. This means you need to take the same steps to secure this point of entry/exit. You will not save any money on cyber security products by moving to the cloud, you need to take the same precautions as you would anywhere else.