With the promise of reduced cost, increased flexibility, and greater portability, companies are moving to cloud storage. At the beginning of last year, 94% of enterprises were already using the cloud to some degree. And “of businesses that adopt the cloud, a whopping 87% of them report business growth from their cloud use.” But with the increase in use comes an increase in risk.
The challenge of the cloud is not the security of the cloud itself but how the technology is secured and controlled by the organizations using it. When it comes to the cloud, “more than 90% of breaches are the user’s fault and not the provider’s.” As Fernando Montenegro, Senior Analyst at 451 Research, pointed out, “Users are jumping into the cloud without understanding how to do cloud security, which can be dangerous to their organizations.”
Even Microsoft recently announced a cloud data breach exposing 250 million customer support records due to cloud misconfiguration. This adds to the cloud breaches of Capital One (100 million customers), Facebook (540 million records and 22,000 plain text passwords), and Google Cloud (1.2 billion social media profiles). Still, the benefits of the cloud outweigh the risks — but certain steps must be taken.
Here are five ways to protect information kept in the cloud against a data breach and minimize risks.
- Implement a Cloud Governance Policy: When creating a Cloud Governance Policy, answer the following questions:
  - What types of cloud services will be used?
  - How will these services be deployed?
  - How sensitive is the functionality or data that will be hosted?
  - What legal or regulatory compliance requirements need to be considered?
  - What needs to be included in an Acceptable Use Policy for users?
  - What will be the consequences for failing to adhere to best practices?
- Encrypt data while in transit and at rest: Encryption in transit protects data if communications are intercepted while data moves between your site and the cloud provider, or between two services. This protection is achieved by encrypting data before transmission, authenticating the endpoints, and decrypting and verifying the information on arrival. Encryption at rest protects data from a system compromise or data exfiltration by encrypting data while stored.
- Backup Data: Organizations have to consider how to recover if a breach does occur. It is common for organizations to regularly perform on-premise backups of critical resources, but often the same organizations fail to consider backing up resources stored in the public cloud. Backups created for cloud resources should include automated backups, deletion control, and version control, be searchable, and generate activity reports.
- Cloud Access Security Brokers (CASB): API CASBs are the more modern and scalable implementations of cloud access security brokers and integrate with public cloud vendor open APIs. This allows the CASB to become a part of the public cloud offering instead of being an add-on or proxy in the middle. Some API CASB benefits include standardized security and policy enforcement, proactive and retroactive actions, ensuring that encryption meets organization-defined standards, threat control, privileged account use monitoring, and proactive alerting of security and policy-related events.
- Employee Training: Educate employees regarding proper security procedures and password management. Encourage complex and varied passwords. Inform employees of potential risks and what they can do to mitigate them, and regularly update and reinforce this information with security awareness training. Creating a cyber-aware culture is often an organization’s first line of defense.
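
The endpoint-authentication part of encryption in transit, described in the list above, is where client misconfiguration usually creeps in. The following is an added Python example, not part of the original article: it audits a TLS client configuration and shows a weak setting beside a hardened one. The function names and the TLS 1.2 minimum are assumptions standing in for an organization-defined standard.

```python
import ssl

# Assumed policy floor; replace with your organization-defined standard.
MIN_TLS = ssl.TLSVersion.TLSv1_2


def hardened_client_context() -> ssl.SSLContext:
    """Client settings that authenticate the server and refuse old protocols."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = MIN_TLS
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Traffic is still encrypted, but the peer is never authenticated,
    so an interceptor can present any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Return policy findings for a client context; an empty list means pass."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled: endpoint not authenticated")
    if not ctx.check_hostname:
        findings.append("hostname checking disabled: certificate not bound to the host")
    if ctx.minimum_version < MIN_TLS:
        findings.append("protocol versions older than the policy minimum are allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("weak", weak_client_context())):
        findings = audit_tls_context(ctx)
        print(name, "PASS" if not findings else "FAIL")
        for finding in findings:
            print("  -", finding)
```
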
While no cloud security is 100% guaranteed, these five steps can set you up to mitigate your risk and recover quickly if a breach does occur.
With the increasing migration to the cloud and the amount of data stored there by those organizations, it is imperative that companies bolster their own cloud security and manage their cyber risk. When protecting information in the cloud, organizations have to be proactive rather than reactive — or risk being another statistic.