Cloud computing is a fast-growing, lucrative industry. The seven largest enterprise cloud vendors—Microsoft, Amazon, IBM, Salesforce, Oracle, SAP, and Google—posted a combined 2017 cloud revenue of $76.3 billion.
These earnings, combined with the sheer volume of data stored in the cloud naturally make cloud computing a target for cybercriminals. Sensitive data stored in the cloud is at risk if it isn’t secured properly. Cloud security involves a broad set of regulations, technologies, and policies to protect data, applications, and the ever-expanding infrastructure of cloud computing.
The Cloud Security Alliance (CSA) compiled comprehensive reporting on the top 12 threats to cloud security. Of the 12, there are five critical challenges we feel you must address right away. The following summary offers a roadmap to protecting your organization from the most common cloud security risks.
Small businesses and nonprofits often assume they are immune to data breaches. Large organizations tend to be overly-confident that they are protected against this risk. Unfortunately, the number and scope of data breaches is growing every year, and no company or industry is safe.
In the first six months of 2017, there were 791 data breaches reported – a 29 percent increase compared with the same period in 2016. The data loss has impacted organizations in every industry:
These are just a few of the incidents that were reported in 2017:
While data breaches are not unique to cloud computing, these incidents have a devastating effect on cloud users. Billions of records were lost to data breaches in 2017, many of which involved cloud servers.
Even the most advanced cloud security can’t protect against theft when data thieves have system access. Unfortunately, unauthorized access is a significant issue. Organizations of every size demonstrate “a lack of scalable identity access management systems, failure to use multi-factor authentication, weak password use, and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates,” making this one of the top five issues to address in 2018.
One of the most alarming cloud security-related issues of 2018 was uncovered at the end of 2017. A flawed set of design features in most modern microprocessors has the potential to permit content to be read from memory through the use of malicious JavaScript code. These two design features have since been (ominously) named Spectre and Meltdown.
Spectre affects almost every system, including desktops, laptops, cloud servers, and smartphones. According to the CSA report, Meltdown affects cloud providers “which use Intel CPUs and Xen PV as virtualization without having patches applied. Furthermore, cloud providers without real hardware virtualization, relying on containers that share one kernel, such as Docker, LXC, or OpenVZ are affected.”
Accidents happen, and human error is inevitable. Even when actions are not malicious, data can be permanently lost if it is not backed up properly. CSA offers the following guidance to mitigate this risk:
“Cloud consumers should review the contracted data loss provisions, ask about the redundancy of a provider’s solution, and understand which entity is responsible for data loss and under what conditions. Some providers offer solutions for geographic redundancy, data backup within the cloud, and premise-to-cloud backups. The risk of relying on the provider to store, backup and protect the data must be considered against handling that function in-house. The choice to do both may be made if data is highly critical.”
DoS attacks are attacks meant to disable a machine or network, making it inaccessible to its intended users. The rise of cryptocurrency like Bitcoin and Ripple makes it possible for DoS attacks to happen more frequently. Through the use of cryptocurrency, cybercriminals no longer have to learn the necessary skills or have control over a botnet. They can simply pay another hacker through these funding methods to do the job for them.
The necessity of protecting yourself against increasing threats to the cloud is a critical issue in 2018. Fortunately, there are effective, well-tested solutions available. For example, data encryption has been shown to dramatically reduce the likelihood of a data breach.
Since 2013, only 4 percent of data breaches have occurred where encryption was used. In the few cases where data was compromised, the stolen records were rendered useless by encryption tools. As a result, unauthorized parties were unable to use or sell the information.
Deploying encryption software in the cloud can reduce the likelihood of a data breach in the event of an attack.
Finally, cloud encryption can also mitigate the impact to an organization’s public image and reputation when a breach does occur. Per the General Data Protection Regulation (GDPR), companies using encryption aren’t required to file a report according to the 72-hour breach notification rule, and can avoid related penalties.
Learn more about high performance, scalable data encryption for the cloud and how it can reduce the risk for your organization with a free trial of our advanced encryption software.