Cloud security: 3 potential threats to keep on your radar
The internet allows for workloads to be streamlined, processes to be automated, communication across the world to happen in an instant, and free (or at least cheap) options for just about every single thing you could possibly need.
Cloud computing, since its inception in about 2006 (though the original term is believed to have been coined in the 1960s), has revolutionized how individuals and companies alike use, store, and have access to their data. It’s an incredible concept and one that’s quickly taking the business world by storm. In fact, in 2018 Forbes reported that by 2020 a whopping 83% of the enterprise workload will be hosted in the cloud.
In the same article, however, Forbes stated that according to 66% of IT professionals, cloud security is their greatest concern as cloud computing continues its takeover. As Uncle Ben said, “With great power comes great responsibility,” and ensuring your company handles the great responsibility of the cloud’s great power well is crucial.
Let’s take a look at a few of the largest risks of cloud computing in 2020 and how you can protect yourself and your company.
Risk #1: Internal human error (or malice)
Cue that old Hannah Montana song “Nobody’s Perfect.” It’s a heck of a nostalgic bop, but the main message of the song definitely applies here. No matter how smart, savvy, or careful humans are, they’re bound to screw up at some point. Unfortunately, when it comes to cloud computing, those screw-ups can be costly.
When it comes to human error, most cloud security vulnerabilities are the result of misconfiguration. This can be a misstep during development or after deployment but the result is the same: somebody makes a boo-boo and your company can pay the price. Leaving a server without the proper encryption, reusing a password instead of generating a new and effective one, and even accidentally sharing (or failing to properly revoke) access are a few examples of how things can go terribly, terribly wrong.
One way to avoid mistakes before they happen is to create and cultivate a culture of awareness:
- Train your team extensively on the proper procedures for security, from proper password creation to what to do in the event they find a vulnerability.
- Build an environment where your employees have the tools to follow proper protocols as well as the trust to bring issues to attention.
A second way to keep accidental security issues from happening is to make sure the tools you use, how to use them, and the best security practices are clear:
- If a tool isn’t intuitive, it can be easy for your team to misuse it, unintentionally creating an unsafe situation.
- Doing a check of and thorough training for all cloud-based storage, tools, and programs is essential to keeping your data safely where it needs to be.
On the flip side of well-intentioned mistakes is intended harm. Disgruntled employees are a major potential source of security issues for companies in general, but with the far-reaching power of cloud computing, they can wreak absolute havoc on your business. We’ve got a couple ideas on how to keep your company’s angry exes at bay.
Risk #2: Unsecure APIs
Ah, APIs. They’re what allow your favorite apps and devices to all work and sync together in the cloud, but they’re also a large potential blindspot when it comes to keeping your data in the cloud secure. When the APIs used to access the cloud aren’t locked down properly, even the most secure cloud can become vulnerable. No bueno.
Have you ever taken a trip with a nosy relative, friend, or co-worker who just insisted on having adjoining rooms? Yikes. First of all, we feel bad for you. Second, this is actually kind of a beautiful metaphor for the importance of secure APIs. Let’s look at APIs like those two-way doors in between adjoined hotel rooms.
If you want your traveling companion (an app or device that needs access to your data) to be able to come in and use your stuff, or you want to go watch a movie in their room, having the door (the API) open is really nice. However, you probably don’t want them able to sneak in while you’re sleeping or rifling through your suitcase when they shouldn’t be, so closing that door securely is important (you only want your apps and devices having access to the data you specify when you specify).
Even more, say somebody breaks into their room and tries to get into yours as well. If that adjoining door is flimsy, the lock doesn’t latch properly, or the hinges can be removed, some pretty bad people will have easy access to everything you’re keeping in your hotel room. Hopefully you didn’t leave your wallet in there!
Just like a thief having easy access to your room if that adjoining door isn’t strong enough to keep them out, making sure the APIs being used to access your data in the cloud are bulletproof is crucial. If it’s not, even though your overall cloud security may be strong, you’re still vulnerable to attacks.
Risk #3: The right tool for the wrong job
Since so many tools, apps, SaaSes, and other business offerings use the power of cloud computing in today’s market, it can be pretty overwhelming to find the right options for your company. A wide range of platforms even offer free trials or tiers of service, so sometimes the best course of action can seem like just picking one and rolling with it.
The issue with this, though, is that when tools aren’t used exactly what they’re designed for, that can create an enormous security liability. For example, if you’re looking for a tool that allows you to store, edit, and share access to company files in the cloud but choose one where files must be downloaded to be edited, various versions of company files can be stored all over different devices, making it almost impossible to make sure the data contained in them is secure.
Another scenario in which a breach can happen could be relying on cloud-based features of software your team is using. For example, let’s say your graphic designer is putting the finishing touches on a new document that contains sensitive information. The design program she uses automatically syncs her work to the program’s cloud, making it easy to access her work from anywhere. Though the final product will be uploaded to your company’s secure cloud, having a version floating around in the design program’s unsecured cloud is a liability that can go undetected.
Intentionality and research are the best ways to combat choosing the wrong tool for the job. Do your research and reevaluate your current setup. Talk with your IT department about any new additions to your software or tool lineup before using them, or even hire a freelance security consultant to have in your back pocket to ask. It’s a lot easier to prevent problems than to fix them, especially when it comes to internet security. Just ask Toyota.
Wrapping up
While the cloud makes it possible for businesses to reach markets and have abilities they never dreamed possible, cloud computing has also opened a Pandora’s box of new, previously-unknown vulnerabilities and worst-case-scenarios. Being aware of and preparing for those scenarios, though, is the first step toward making sure they don’t happen. While even the most secure companies have their vulnerabilities, taking every step possible to protect yourself is well worth it. After all, this is your livelihood we’re talking about.
Recommended reads:
