“Is the Cloud Secure?” is probably the most often asked question when someone from IT mentions moving services or workloads to the cloud. The short answer is, “Yes, it’s secure.” The longer answer is, “Yes, it’s secure — more secure than your network but it’s not a virtual Fort Knox either.”
The cloud is far safer than your corporate network but no online site is 100% secure either. And, yes, cloud breaches have happened but if you look at the circumstances, there are two primary paths for cloud-oriented data theft: insiders and weak passwords.
Insiders are the Big Problem for Cloud Storage
According to a Ponemon Institute Study, “2018 Cost of Insider Threats: Global”, 64% of all reported attacks were due to employee and contractor negligence. Criminal or malicious insiders caused another 23% of all attacks. If the majority of attacks are caused by insiders, but not criminal or malicious, how are they classified? Non-criminal and non-malicious attacks have multiple causes that researchers and security personnel attribute to insiders such as human error, accidents, phishing attacks, infected devices, and other careless acts.
According to the Ponemon Institute’s “Cost of a Data Breach Report 2019,” the most common types of malicious or criminal attacks include malware infections, criminal insiders, phishing/social engineering and SQL injection. Malicious attacks of all types were up 21% between 2014 and 2019.
In 2014, a conference paper titled, “Cloud Computing Security & Privacy Challenges,” from the 15th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting, at Liverpool listed malicious insiders as one of the challenges to cloud computing, stating, “with all of these services promising facilities and benefits, there are still a number of challenges associated with utilizing cloud computing such as data security, abuse of cloud services, malicious insider and cyber-attacks.”
Weak Passwords Cause Breaches
The “2017 Verizon Data Breach Investigations Report (DBIR)” found that “weak or stolen passwords are responsible for more than 80% of hacking-related breaches.” There’s no reason to use weak passwords. There are plenty of easy-to-use password generators available. You can generate a secure password of any length and have your browser save it for you.
But, even the most complex passwords can be cracked with enough time and computing power through brute force attacks. This can be stopped by using multi-factor authentication.
What are the Risks to Cloud-stored Data and How Can I Stop Them?
Data stored anywhere is at risk of theft, corruption, or destruction. You can protect your data by being vigilant and by adhering to best practices for your cloud-hosted environment. The following guidelines will enhance your data’s security and help you avoid the risk of storing data in the cloud.
Using Strong Passwords
Strong passwords are an easy defense against dictionary-based and brute force attacks, which succeed only when passwords are neither complex nor long enough to exhaust the attacker’s available computing resources. A complex 14-character password, which most online venues accept, would take more than a human lifetime to crack using a brute force attack.
Multi-factor authentication requires very little effort to enable and to use. Most banking, credit card, investment, email, and social media sites now offer multi-factor authentication options. Multi-factor authentication takes away part of the problem with weak passwords: the password is only one factor, and more than one factor is required to access an asset.
For example, before connecting to the cloud-hosted systems for maintenance or development pushes, the user must enter a username and password and then is challenged with another factor such as an SMS message to a mobile phone or a picture that must be identified correctly. The most secure multi-factor authentication includes a factor that is a random number generator on a key fob device.
Negligence is one of the risks that’s easily mitigated by setting schedules for maintenance and updates. Of course, negligence shouldn’t exist at all in production environments but it does. As a cloud customer, you must track maintenance activities performed by the hosting company and be sure that the terms of your contract are upheld. An update or patch that slips through the cracks leaves your environment and your data at risk.
We advise that you hold at least two meetings per year with your hosting company’s representative to discuss your needs and to ensure that they’re being met. It’s also recommended that you perform regular audits of your environment to check uptimes, patch levels, firmware dates, and other relevant maintenance and security data points.
Internal Breaches and Theft
Since most breaches originate within corporate walls, either through negligence, human error, accidents, or from malicious intent, it is recommended that you enable user account auditing and alerting. By doing so, you’ll receive an alert when someone elevates their privileges on one of your hosted systems. A product such as OSSEC or a SIEM can perform these watchful sweeps and notify you and your team as soon as it happens so that any unauthorized access is quickly stopped.
To further prevent internal breaches, all remote root and Administrator access should be revoked. Only regular user accounts should be used to remotely access a system and then the user should escalate their privileges once logged onto the system. This method records the user account name that escalates privileges into a log file that can be captured and audited should a breach occur.
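The auditing described above can be illustrated with a small log check. This is an added example, not part of the original article and not OSSEC's own rule set: it assumes the usual Linux sshd and sudo syslog line formats, the log lines are constructed samples, and `APPROVED_ADMINS` is a hypothetical allow list.

```python
import re

# Constructed sample lines in the usual sshd / sudo syslog format (not from a real host).
SAMPLE_AUTH_LOG = """\
Mar  3 02:14:07 web01 sshd[2211]: Accepted publickey for deploy from 198.51.100.7 port 50122 ssh2
Mar  3 02:15:31 web01 sudo:   deploy : TTY=pts/0 ; PWD=/srv/app ; USER=root ; COMMAND=/usr/bin/systemctl restart app
Mar  3 03:40:12 web01 sshd[2307]: Accepted password for root from 203.0.113.44 port 41810 ssh2
Mar  3 03:52:09 web01 sudo:   intern : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/intern ; USER=root ; COMMAND=/bin/bash
Mar  3 04:01:55 web01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
"""

# Hypothetical allow list: accounts expected to escalate privileges on this host.
APPROVED_ADMINS = {"deploy"}

SSH_LOGIN = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")
SUDO = re.compile(
    r"sudo(?:\[\d+\])?:\s+(\S+) : (?:(.*?) ; )?"
    r"TTY=\S+ ; PWD=\S+ ; USER=(\S+) ; COMMAND=(.+)$"
)


def find_alerts(log_text, approved=APPROVED_ADMINS):
    """Return (alert_type, account, detail) tuples for events worth a notification."""
    alerts = []
    for line in log_text.splitlines():
        m = SSH_LOGIN.search(line)
        if m and m.group(2) == "root":
            # Remote root access should be revoked, so any such login is an alert.
            alerts.append(("direct-root-login", "root", m.group(3)))
            continue
        m = SUDO.search(line)
        if not m:
            continue
        user, note, target, command = m.groups()
        if note:
            # sudo logged a refusal, e.g. "user NOT in sudoers".
            alerts.append(("sudo-denied", user, command))
        elif target == "root" and user not in approved:
            # Successful escalation by an account that is not on the allow list.
            alerts.append(("unapproved-escalation", user, command))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_AUTH_LOG):
        print(alert)
```

Because each sudo entry names the regular account that escalated, every alert can be traced to a person, which is the audit trail that revoking remote root access is meant to preserve.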
External Breaches and Theft
External breaches usually result in confidential data theft, which might include user account information, personally identifiable information (PII), credit card numbers, account numbers, and intellectual property. Attackers probe sites and networks on a continuous basis.
If your systems are connected to the Internet, they have been probed and possibly scanned for vulnerabilities. For this reason, extreme measures must be taken by both the hosting company and the customer to prevent such breaches.
Discuss security measures and security history with your hosting company. Find out if any breaches have occurred and what the outcomes were. User education and preparedness are some of the best defenses against activities such as phishing and social engineering.
Cloud Storage Location
A safety measure that some customers overlook is where your data is stored. Redundancy is a security measure that prevents data loss. In other words, having more than one copy of your data helps prevent data loss. Some cloud providers have geographically diverse data centers, such as an East Coast and a West Coast location, for example. Should one data center’s servers fall prey to an attack or experience a catastrophic failure, your data is safe in the other data center.
Prior to signing a cloud-hosting contract, ask where your data is stored. Certain types of data cannot be stored outside the United States. And if you’re a government contractor, your hosting provider has to adhere to regulatory compliance requirements and hold certain certifications to legally host your data.
Making Data Secure
There is a technological limit to security. New vulnerabilities emerge every day, and hacker groups and nation-states that want to steal data are researching new exploits. No single security method is enough. A layered approach is far more effective. The following technologies greatly improve your security.
Encryption. Encryption. Encryption.
Encrypt everywhere is the mantra for cloud-stored data. Encrypt data at rest. Encrypt data in flight. And, encrypt backed up data. Encryption is a very effective method of keeping confidential data safe and preventing unwanted eyes from prying. Just ask anyone who has fallen prey to any type of Cryptolocker ransomware and they can tell you that encryption is extremely effective in preventing data’s use by anyone other than the entity that holds the key.
Implement Firewalls and VLANs
Hardware firewalls and VLAN configurations are the hosting provider’s responsibilities. It is advisable to install web application firewalls for your Internet-exposed applications. These firewalls can prevent cross-site scripting attacks, SQL injection attacks, brute force password attacks, and other attacks against your web applications. VLANs prevent traffic from one customer’s network segment from mixing with other customers’ traffic.
Remember to enable all host-based firewalls and configure them to be enforcing. Only allow exceptions for what’s required for reasonable access to your applications and systems.
Intrusion Detection and Prevention
Ask your provider which type of intrusion detection and prevention it has implemented for your protection. If the provider doesn’t have any such technology, then you must install these locally to your hosted systems. If your customer portal contains any options for intrusion detection and prevention, enable them before going live on the Internet.
Antimalware software should be used on all hosted systems. Many of these suites scan and audit files for possible intrusions and changes. Enable them, scan regularly, and update often.
Physical security generally isn’t a problem for cloud-hosting data centers. Multiple levels of security prevent any unauthorized personnel from entering the data center or gaining access to power, backups, or systems. Ask your provider for details.
So, is the Cloud Secure?
To the question, “Is your data safe in the cloud?” the answer is yes, your data is safe in the cloud. There are concerns, to be sure, but the risks to data and privacy can be minimized by enabling best practices, enhancing security, and adhering to maintenance schedules and protocols.
To learn more about cybersecurity and ColoCrossing’s commitment to keeping your data safe, contact us.