In 2017 alone, cloud service revenues are expected to reach $260 billion, according to ZDNet, which would be an increase of 18.5 percent from the previous year. And growth is sure to continue. While the cloud is a great place to store data – ranging from personal photos to company documents and everything in between – it has also become a vulnerable target for many hackers. Despite this cyber risk, 81 percent of organizations are not taking the proper measures to protect their information in the cloud, according to a report from RedLock’s Cloud Security Intelligence team. So how can companies ensure their data is safe in the cloud? An article in The Week gives some insights into dealing with the risk that comes with cloud computing. Let’s start by looking at two of the most common ways cloud-stored data is compromised.
Lack of security controls
Many companies have sophisticated security systems and protocols established to protect their internal networks from outsiders, but those controls aren’t always extended to their cloud storage. This leaves an open invitation for skilled hackers to easily access any unguarded data. With the accessibility of mobile computing, users can access and download data from the cloud to their personal devices, which can quickly get out of hand. Companies need to control who is authorized to have remote access, and from which devices, to keep the reins around their sensitive data.
Users aren’t properly monitoring their cloud data
Many cybersecurity incidents can be prevented or minimized with consistent monitoring. Companies without monitoring services often discover a security issue after the damage has already been done, such as when they receive complaints from customers that someone used their account for malicious activity. The Equifax breach, for example, affected over 143 million consumers before it was discovered. The bottom line is that companies need to treat their cloud storage as part of their internal system when they create their security measures. To avoid suffering an attack on their cloud-based data, companies can bring their data under stronger lock and key by:
Implementing multi-factor authentication.
Many security protocols employ multi-factor authentication, which asks users to identify themselves in at least two different ways before they can access a system. Usually, users are asked to provide a combination of something they know (such as a password), something they have (like a one-time code or smart card) and something they are (such as a fingerprint). Consider keeping your cloud network secure by requiring users to input a one-time passcode sent to them via email or text message after entering their password. Adding this extra layer of security reduces the likelihood that an unauthorized user will access your data.
It’s important to understand exactly what’s stored in your cloud network so you know what is at risk. From there, your company can then evaluate the best security measures for that data. For example, segmenting or “zoning” your network allows you to limit access to sensitive information to only those applications, servers and people who need it. The more layers you add to each level, the harder it is for a cyber criminal to gain access to company data.
Creating clear policies
As mobile computing becomes more common, make sure your employees know how they can access information remotely from the cloud, such as on a secure private network in a secure location. Companies should also put procedures in place that outline how to deal with a breach situation if one arises. With clear guidelines, it’s much easier to manage data and keep everyone accountable for the safety of that data. Although there is inherent cyber risk with remote storage and computing in the cloud, companies can mitigate those risks with regular monitoring and a few improvements to their security protocols. As with any data, it is much safer when it’s kept under close watch.
For help with securing your cloud-based data, give us a call at 615-499-7600.