How organizations can better protect their cloud deployments
COMPANIES that have yet to move to the cloud often cite cybersecurity concerns as one of their biggest deterrents.
Their hesitance is entirely understandable as data breaches would not only cost them financially but also cause harm to their reputation.
The problems, however, are not even technical, as asserted by a recent report on the subject, which further claimed that the top two types of attack on cloud storage solutions are credential jacking and misconfiguration of cloud services.
Credential jacking is an effective method for cybercriminals as they are essentially attacking the people with legitimate access to breach into a network.
There are numerous ways hackers get a hold of people’s credential. Some of the common tactics include phishing and log-in harvesting from a different data breach.
Further, some employees aren’t protecting their passwords to company systems well enough, and have them written down and lying around, making it susceptible to theft.
The second security weakness, which also involves the human element, is the misconfiguration of the cloud network where a service is deployed and put to use without proper security protocol in place, making it practically defenseless.
This could stem from the notion that cloud services are so easy to set-up, which gives way to certain unrealistic expectations, as well as lack of proper understanding of the nuances and intricacies of the technology.
Lack of understanding and expertise
At least some of the blame for this disconnect could be leveled at cloud service providers, for failing to educate the clients on how the security options work, adequately.
One prime example is that many cloud services come with the option of deploying a firewall, but configuring the system may not be explained to the customers.
This problem is so alarming that up to 7 percent of a particular cloud storage system is open to the public, while 35 percent more are not utilizing any encryption at all, despite the fact it comes “standard” with the service, according to the report.
While the storage service itself pretty robust, as the author of the report noted, the issue is simply the misconfiguration of the system by users or lack of understanding of the security features of the system.
Beyond that, due to the interconnected nature of the modern business environment, a lot of third party vendors are given privileged access to enterprise networks to ease transaction and services. These credentials and access are also prime targets for potential bad actors.
Addressing the vulnerabilities
These weak points, fortunately, can be avoided entirely. Organizations should have their employees trained and briefed on the companies’ network security policies.
Further, they need to be aware of the common cyber attacks and phishing techniques and understand the steps they need to take if they come across an attempted breach or incident.
In addition to that, companies also would immensely benefit from implementing corporate governance that would restrict any employees from setting up cloud storage services or even accessing one without proper training.
To deal with increasing user access to the network, companies could also segment their network to multiple tiers, or segment them based on business units and functions.
In conclusion, while the hesitance of companies in migrating to the cloud is somewhat warranted, most of the issues stem from the human element, which could be addressed by training and creating strong policies.
By doing so, companies would be able to leverage the cutting edge technology that is cloud storage and computing to improve their operational efficiency and reduce data storage costs.