blog-header.jpg

IT and Copier Talk Your Business Can Rely On

Can You Guess the Top 2 Cloud Security Threats?

Posted by Monique Phalen | Sep 28, 2017 11:13:42 AM

Cloud security threats are real, but the biggest ones aren't what you think

Do you have a cloud IT strategy?

Or are you still performing all IT functions in-house with your own staff?

And if you do have a cloud strategy, do you intend to have your current staff plan and implement that on top of their current workload? Do they have the skills needed – especially when it comes to security?

As I've written before, The Cloud Isn't an IT Silver Bullet. It is a great way to outsource basic IT functions like network security and data backup.

If you're reading this, you're probably at least thinking about cloud adoption – 90% of companies are in some stage of cloud adoption. 76% of organizations having deployed or are implementing, or piloting a cloud solution. 14% are in the planning stages. Only 10% have no plans at all (if you're one of those, you should reconsider!).

The benefits are obvious: flexible capacity and scalability, improved availability, business continuity, reduced costs and complexity, and regulatory compliance.

Despite the fact that cloud providers often operate in a more secure environment (read Cloud Backup: More Secure Than In-House), security risks continues as the number 1 barrier to the cloud. A close second is a lack of staff or staff expertise to manage any security issues in the cloud (I've written about the cybersecurity hiring shortage, One Looming Cybersecurity Risk – No Cybersecurity Staff).

Access: A Major Cloud Security Challenge

Of course, you should be concerned with cloud security. Here are the top three major security challenges that concern business:

  • Data loss/leakage

  • Data privacy

  • Confidentiality

Those are concerns for in-house systems too.

Ironically, the top security threats aren't technology-related, they're people-related:

  1. Unauthorized access

  2. Hijacking of accounts, services, or traffic

  3. Insecure interfaces/APIs

  4. External sharing of data

  5. Malicious insiders

Loose password policy, a security policy that isn't followed, and users having their accounts hacked with phishing emails are some of the employee-caused actions that can allow a cloud system to be hacked. 

If you look at the list, three of the top five cloud security threats aren't related to IT at all.

A Few Cloud Security Tips

If you outsource to an IT managed services partner – for cloud data backup, for example – you must remember that it's still your data and you remain liable for securing your information (with help from your managed services partner of course!).

Before you sign with a partner, be sure they demonstrated a redundant infrastructure with geographically dispersed data centers to ensure continued operation in the case of a disaster. Ask them about their business continuity plan to ensure continued access to your data.

For backup and storage information security, Providers who adhere National Institutes of Standards and Technology (NIST)-certified encryption standards ensures data is encrypted on your site before transmission to the cloud and remains encrypted. No one else has access to your information because there's a single key to the encryption that only you have. The Advanced Encryption Standard and FIPS 140-2 is a third-party validation and indication that a cloud service provider adheres to the most robust encryption standards currently available.

Have a service level agreement (SLA) with your provider to establish mutually agreeable operational levels and expectations – including for security. Related to security and control, SLA terms could include expectations for being alerted to security lapses for the cloud providers other clients and expectations into insight into your data.

Before you store your data in the cloud, assess the sensitivity of the data you are considering placing there. If the data needs to comply with regulations such as HIPAA, have your cloud partner show you that their systems comply so that you aren't out of compliance.

Your information is as secure, if not more secure, in the hands of an outsourced cloud partner. Regardless of whether you decide to DIY or engage an IT service provider to provide cloud IT support, don't let concerns about security stop you.

Avoid hackers. Stay safe. Click here to learn more.

Stats from Cloud Security 2017 Spotlight Reportby Cloudvisory.

 

Topics: Security, Managed IT Services, Cloud

Written by Monique Phalen

Mo is the resident IT go-to lady at AIS. She has traveled the world, run a marathon, is a self proclaimed crossword champion, and can do ventriloquism. She has an uncanny memory ....down to the detail. She has 4 half marathons and hates running. In her free time, she likes to spend time with her 7 siblings and 20 nieces and nephews.

Leave a Comment