Cloud storage has moved into the mainstream - but ensuring 24/7 access to your organisation’s cloud network while guaranteeing the security of your service is a difficult balancing act.
This issue is compounded by the public’s misconceptions around cloud security. After the well-publicised attack on Apple’s iCloud, there was an immediate drop in the popularity of cloud storage. Users questioned the security of their personal data and reported feeling more vulnerable to such attacks.
However, vulnerabilities in Apple’s password security system were responsible for the breach. Persistent hackers guessed the security question responses and passwords of targeted users. The cloud was never actually breached.
This is an important point and one that is often brushed aside when a high-profile cloud attack hits the headlines.
However, this hasn’t deterred the majority of businesses from adopting a cloud-based data storage strategy and implementing cloud networking to help streamline the maintenance and monitoring of such systems.
Research reveals 86% of global companies use multiple cloud storage systems to store and back up their corporate data. Effective cloud networking is a must: 30% of businesses use one cloud storage account, 16% have two, 12% have three, 8% have four, and 19% have five or more.
Such corporate confidence in the cloud is a clear indicator of this technology’s maturity and security. Simply put, the world’s businesses would not use the cloud to store sensitive corporate data if it wasn’t a highly secure system.
Advances in cloud networking systems, security strategies and protocols, and improved user education are all helping to further address cloud security concerns too.
But, first, let’s explain how cloud security works.
To keep data secure, the front line of defence for any cloud system is encryption. Encryption methods use complex algorithms to conceal information stored on the cloud.
This cloud-based data is encoded with an individual encryption key. When the files are accessed without the use of this key, the files are just random gibberish, a mass of numbers and letters.
To decipher encrypted files, would-be hackers need this encryption key. Decrypting information without an encryption key requires a huge amount of computer processing power, forensic software, and a lot of time.
Who holds the key to your data?
When you develop your cloud security strategy, you need to decide who holds the key to your data. There are two options to choose from: you could use a third-party service that holds your key, or take full responsibility for your own key.
Most third-party cloud-based services hold your key. When you log into the cloud-based service with your password, the key is then unlocked so you can view your data. This allows cloud service providers to offer a much more flexible service where you can then access, index and search your user data.
However, this method is less secure because someone else has your key, which means it could be compromised or misused. As a result, an attacker who gains access to your key also gains access to your data.
Alternatively, you could implement a cloud storage solution that allows you to keep your own key. These self-managed services have their drawbacks, however, as you will lose some of the utility and ease of use compared to the services offered by the large commercial providers.
Furthermore, if you ever lost your private key, there isn’t a password reset option. So, you would lose access to all of your corporate data. Forever.
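The two key-custody options above, side by side, as an added example that is not part of the original article. All function names are hypothetical, the sample document is constructed, and the cipher is a standard-library stand-in for a vetted authenticated cipher such as AES-GCM.

```python
# Added illustration; all function names here are hypothetical.
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; a real system would use a vetted AEAD like AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def derive_key(passphrase: str, salt: bytes) -> bytes:
    # Stretch the passphrase so that guessing it is expensive.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def provider_held_upload(plaintext: bytes) -> dict:
    # Model 1: the provider generates the key and keeps it beside the data.
    key = os.urandom(32)
    return {"blob": seal(key, plaintext), "key": key}

def customer_held_upload(plaintext: bytes, passphrase: str) -> dict:
    # Model 2: the key is derived on the client; the provider stores only
    # the salt and the sealed blob, never the key or the passphrase.
    salt = os.urandom(16)
    return {"blob": seal(derive_key(passphrase, salt), plaintext), "salt": salt}

def customer_held_download(record: dict, passphrase: str) -> bytes:
    return unseal(derive_key(passphrase, record["salt"]), record["blob"])
```

In the first model the provider's stored record is enough to read the data. In the second, the same record is useless without the passphrase, which is also why no reset is possible.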
The importance of monitoring and education
Cloud security is a joint responsibility. Your service provider must ensure your database and system applications are safe at all times from any unwarranted access. Organisations must take measures to protect their information by limiting who can access sensitive data and securing passwords.
Research from Gartner reveals that, in 2018, 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.
So, whether you decide to use a third-party cloud services provider or go it alone, cloud monitoring tools provide you with clear and detailed insights into your organisation’s operations and resource usage. They will flag any issues up and help you take a more proactive approach to the security of your cloud.
You also need to put the appropriate level of user education in place. Speaking in a statement, Jay Heiser, research vice president at Gartner, said: “Through 2022, at least 95% of cloud security failures will be the customer’s fault. CIOs need to ensure their security teams are not holding back cloud initiatives with unsubstantiated cloud security worries.”
In other words, the challenge for CIOs and IT managers is to ensure that the appropriate policies and user education are in place to secure their corporate cloud networking strategies.
Your staff should have the appropriate security and compliance skills to work with your strategically important use cases. In most cases, your team will need to be proficient in both cloud Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) models, for example.
Consequently, Heiser advises that CIOs and IT managers must change their line of questioning from “Is the cloud secure?” to “Am I using the cloud securely?”. To achieve this, an enterprise cloud strategy is needed.
According to Gartner, your enterprise strategy should outline the organisational expectations for the form, significance and control of your cloud network for individual business units.
Your enterprise strategy should also include guidance on your cloud networking policies, including what data can be placed into which clouds, and under what circumstances. Different cloud models also have different risk and control ramifications. Make sure your strategy reflects your circumstances.
Your corporate data is very safe in the cloud thanks to encryption and a range of other effective cloud networking tools and services.
But operating safely in the cloud is a huge undertaking and a difficult balancing act. If you would like to find out more about the cloud and the safest way to implement it for your business, contact Zen for a free IT audit.