Dealing With Cloud Security
If there’s one thing that the Internet Age seems to have plenty of, it’s buzzwords. When some new innovation makes its debut, suddenly we need a buzzword or phrase to describe it. The phrase then gets used so much that it usually ends up a cliché. The big buzz phrase these days is “cloud computing”, and it’s anything but a cliché.
Cloud computing is an innovation with far-reaching usefulness, but it’s easy to get blinded to the fact that it comes with its own risks and threats. Let’s take a look at a few of the biggest cloud security threats, as well as how to deal with them.
Data Loss: The whole idea of storing information via the cloud is to add a level of safety and security, but data loss is possible due to human error on the cloud servers’ side. And that’s just an accidental loss; intruders can attempt to access the server and deliberately destroy data.
Denial of Service: Having your data stored offsite on a cloud server is all well and good, but it’s ultimately useless if you can’t access it. Denial of Service attacks occur when the offsite system is inundated by a huge number of automated service requests, so that everything comes to a standstill. Good luck trying to get through that data gridlock and retrieve that crucial data you need!
Data Breaches: Whereas a data loss is “merely” the destruction of stored data, a data breach deals with intruders getting onto the servers and actually taking the information found and using it for their own purposes. And the problem here is, if a cloud host institutes certain measures to fight a data breach, they may wind up making the problem worse. For instance, they may employ data encryption to thwart intruders, but if they lose the key, that data is lost as well.
Account Hijacking: If hackers somehow get their hands on your account information, passwords, and other credentials, you entire operation is now at their mercy. They can change data, redirect customers to other sites, or eavesdrop on your activities.
An Inside Job: This one’s so obvious, it’s almost embarrassing. Consider an unscrupulous contractor, a disgruntled employee (does the name “Snowden” ring a bell?), or perhaps even someone who no longer works for your company. They’re already on your side of the firewall, so to speak. These insiders can cause some real damage.
Creating Cloud Security
So we’ve seen five threats to cloud security, and believe me, that’s not even the full list. Now that we know what we’re up against, what can be done about it? Fear not; there is hope.
Be Choosy: Before you commit to a cloud service, go through the process of vetting them. What are their policies? Who are their other customers, and how satisfied are they? What encryptions and security measures does the company use? What about their privacy and security requirements? After all, you’d do a background check for a care-giver for your child, right? Your data is like your babies; don’t entrust them to just anyone!
What’s the Password?: Such a simple step and yet so powerful. Passwords should be changed often, incorporate a mixture of upper and lower case letters, numbers, and symbols, and above all else, should NOT be something easy to guess. This means that the password should have no bearing on the nature of your business. For instance, if you own a sporting goods business, using Football123 is an invitation to getting hacked. And make sure those passwords aren’t lying around for people to find!
Backup Your Backups: Consider using more than one cloud storage service, particularly if the cost is cheap enough. Maybe the data that’s used most often could go to a site like Dropbox, while those same files and everything else goes to another service for more long-term storage. It’s also not a bad idea to conduct a local backup, using an additional hard drive and storing it somewhere safe, preferably off-site.
If It Doesn’t Look Right, It Probably Isn’t: This applies to not only websites but emails as well. First of all, avoid sketchy sites, especially ones that ask for too much personal information. Secondly, beware emails from addresses that you don’t recognize. Even if you DO recognize the address, or that it at least looks somehow familiar, be careful. As a for instance, I recently got an email from what seemed to be Bank of America, telling me that my account page had undergone numerous login attempts, and that I should click on the link they provided in the email to reset everything, or else they’d suspend my account. Scary stuff, eh? Only when I logged on to Bank of America’s pages and checked my account, there were no alerts that reflected the email they allegedly sent. It was fraudulent. Fortunately, I didn’t act on the email’s instructions; rather I deleted the thing and for good measure, immediately purged my trash bin.
Many of these measures appear to be common sense, but you’d be amazed at how lax people can get when it comes to implementation. Cloud computing is an awesome tool that can ultimately benefit businesses of all sizes as well as the average consumer. All it takes is a little caution and forethought, and your data can be as safe as if it were locked in a strong box in a bank vault.