Digital Conqueror - Logo
Close this search box.

Where Security Goes Wrong in the Cloud

There is no doubt that cloud computing has been a seismic force in the world of computing over the past couple of decades. Referring to the use of remote servers to store and process data, the cloud does away with the need for on-premises equipment and local storage for tools that can be accessed anywhere in the world — just so long as you’ve got an internet connection and a device to access it on.

With so many advantages, it’s no wonder that companies have been migrating to the cloud for years. This shift has only gained momentum over the past year during the coronavirus pandemic, with the closure of many workplaces and the shift to working from home underlining why cloud computing is so powerful.

But as many positives as cloud computing has, it also poses some challenges in the form of security threats. In some cases, these are inextricably tied up with what makes the cloud so useful: its ease of access. While that may be great news for good actors logging into authorized systems, it also opens the door for hackers to potentially access systems they should not rightfully be allowed entry to. It’s for this reason why cloud security has become increasingly important — and why good hygiene in this area is so crucial.

The biggest threats facing the cloud

According to the Check Point 2020 Cloud Security Report, the biggest cloud threat facing users is cloud platform configuration error, followed by unauthorized cloud access, then unsecured interfaces, and finally account theft. Not all of these necessarily mean that malicious actors have stolen user information, any more than leaving your car unlocked overnight guarantees that it will be stolen. However, all of them fail to properly secure cloud data — and with unauthorized cloud entry potentially very profitable for hackers, it remains a constant threat.

There are, unfortunately, a continuous stream of illustrations of cloud security breaches, and how they have damaged businesses. For example, in April 2021 it was reported that Eversource, New England’s biggest energy supplier, with some 4.3 million natural gas and electric customers, has suffered a serious data breach. This breach exposed the personal information of customers — including names, addresses, phone number, social security details, and account numbers — via an improperly secured cloud server.

Data breaches go from bad to worse

As bad as that breach is, though, it’s a drop in the ocean compared to the reported 3 billion (!) user accounts that were impacted by a 2013-14 data breach involving Yahoo. Although the stolen data — thought to have been stolen by “state-sponsored actors” — didn’t include passwords in clear text or financial data, it did compromise the email addresses, birth dates, telephone numbers, and names of many of its users. Yahoo initially said that the attack had resulted in the compromise of 1 billion records, but later expanded this to 3 billion. Since Yahoo was, at the time, being acquired by Verizon, news of the breach had an immediate negative impact: wiping $350 million off the company’s value at the time of purchase.

According to the ISC(2) Cloud Security Report, an estimated 28% of enterprises say that they have been the recipient of cloud security incidents. The UK government says that a reported 32% of companies in the country have been the victim of explicit attacks directed toward their cloud systems. Similar figures have likely played out around the world.

Securing the cloud

Both reliance and cyber attacks on the cloud are only going to ramp up. Securing the cloud should therefore be a priority for every business and enterprise.

One of the most important aspects of this is to initiate proper access management systems to ensure that the right people are allowed in, but no-one else. Strategies for this can include cloud-based data loss prevention (DLP) solutions, internet and access management (IAM) systems, and tools for monitoring access. You should also protect against threats like ransomware and stolen or deleted data by utilizing data backups and archival for recovery where necessary. In addition, carry out regular reviews of your cloud configurations to make sure that no changes have taken place and that all patches have been installed.

Cloud providers will sometimes offer recommendations about good cloud practices. If you want to make sure you are properly protected, however, consider bringing in cyber security experts. They can help to protect cloud workloads, guarantee compliance with data regulations such as Payment Card Industry Data Security Standard (PCI) and Europe’s GDPR, and more. They can additionally help provide the right risk mitigation tools to properly track access to your cloud-based data and applications.

The cloud brings with it massive digital transformation possibilities. But to take advantage of them, cloud-native security protection solutions are essential. By taking the right precautions, businesses and other organizations can get the most possible out of the transition to the cloud — without risking any of the negatives.