By Phil Maurer. Published 14. January 2016.
When it comes to cloud security, while many of the concerns a few years back stemmed from the security of the cloud itself, today’s business owners still have reason to be concerned about vulnerabilities. From the way cloud service providers build their infrastructure to who has access to your data—and even who legally owns your data—there are real security risks to doing business in the cloud. Here are some of today’s top cloud security concerns.
Yes, and no. While most cloud service providers have implemented security provisions, there could still be employees lurking at the facility itself who sneak a peek at your information. And though cloud providers are expected to perform background checks on all employees with access to sensitive information, the truth is, there are many examples of organizations failing to adequately perform background checks.
Most public cloud services are multitenant, meaning they’re storing your data and a bunch of other companies’ data, too. Problem is, if your public cloud services provider hasn’t correctly designed their cloud service database, a flaw in another client’s application could allow hackers to get at their data and your data, too.
The fact is, while there’s a huge focus on the security of hosting facilities and technical components used to build their infrastructure, there’s very little focus on analyzing the application code itself for vulnerabilities.
We face an unprecedented level of sophisticated attacks used to mine critical financial and user data. The number of attacks has nearly doubled since 2013.
Some of the most high-profile attacks didn’t target cloud data directly, but infiltrated endpoints such as teller registers, bank terminals and user laptops. It’s a problem for industries such as retail, manufacturing, legal and healthcare. And ground zero is the place where people work with devices, applications, and data. All it takes is an unenforced or variable policy, weak protection or an incorrectly used device to open the door for a hacker.
Many countries have regulations that don’t allow personal data to be exported to or stored in other countries. When data location is a concern, especially for personal information, private health information, and tax and financial information, you’ll have to choose a cloud provider based on geography.
Your best bet to mitigate this risk is to select a cloud provider with data accountability, and one whose locations stick to strict policies on data governance in the countries where they provide service.
When you take the time to read your cloud provider’s contract, you may be surprised. For example, you may find out that the contract states that your data is actually the property of the cloud service, not you. There are many reasons they may do this—such as generating more revenue and getting more legal protection—but the fact is, you want your data to be your data. Period.
When you absolutely must have control over where your data resides, such as in cases of healthcare for HIPAA and legal considerations, a private cloud is the simple way to ensure data governance, control and security.