Cloud-based solutions are increasingly in business demand around the world. These solutions include everything from secure data storage to entire business processes. As we move more to cloud-oriented solutions, a new challenge comes into play: the 'security' of cloud storage. The question arises of where data is stored and more importantly, who has access to it. Here-lies cloud storage security - security measures that are implemented to protect data with the same (or often higher) level of sensitivity as would exist in an on-premise data storage solution.
Sounds great (yawn). Let's see what this actually means in real terms for your business data.
A recap on 'the cloud'
As we've covered before, cloud-based storage is an outsourced solution for storing data. Instead of saving data onto local hard drives, users store data on internet-connected servers. Datacentre's then provide a home for these servers to keep the data safe and secure to access. Businesses turn to cloud storage solutions to solve a variety of problems. Small businesses use the cloud to cut costs and big businesses use the cloud to distribute data more efficiently across the world. Any time you access files stored remotely, you are accessing a cloud - in simple terms anyway.
Email services are a prime example. Most email users don’t bother saving emails to their devices because those devices are connected to the internet most of the time.
Types of Cloud: Public, Private, Hybrid
- Public Cloud: These services offer accessibility and security. This security is best suited for unstructured data, like files in folders. Most users don’t get a great deal of customised attention from public cloud providers unless you use more business-oriented options. This is your Google Drives and your Dropboxes. This option is affordable.
- Private Cloud: Private cloud hosting services are on-premise solutions. Users assert unlimited control over the system. Private cloud storage is more expensive and more old-fashioned. This is because the owner manages and maintains the physical hardware.
- Hybrid Cloud: Many companies choose to keep high-volume files on the public cloud and sensitive data on a private cloud. This hybrid approach strikes a balance between affordability and customisation.
The big question: how secure is cloud storage?
All files stored on secure cloud servers benefit from an enhanced level of security. The security credential most users are familiar with is the password. Cloud storage security vendors secure data using other means often not implemented in on-premise solutions such as:
- Advanced Firewalls: Firewalls inspect traveling data packets (moving data). Simple ones only examine the source and destination. Advanced firewalls verify packet content integrity (what the data means). Clever algorithms then map the packet contents to known security threats and say yay or nay to data entering or exiting the cloud. A bit like a bouncer at your local club saying yes or no to guests based on previous experiences of having them trying to do snow angels on the dance-floor. You thought people would forget?
- Intrusion Detection: Online secure storage can serve many users at the same time and successful cloud security systems rely on identifying when someone tries to break into the system, both at the door and when inside. Multiple levels of detection ensure cloud vendors can even stop intruders who break past the network’s initial defences. To continue our club analogy, these are your bouncers inside the club monitoring the guests.
- Event Logging: Event logs help security analysts understand threats. Analysts use this data to build a narrative concerning network events. This helps them predict and prevent security breaches based on known patterns of behavior. For example, bouncers predict incidents based on experience from other nights in the club.
- Internal Firewalls: Not all accounts should have complete access to data stored in the cloud. Limiting secure cloud access through internal firewalls boosts security. This ensures that even a compromised account cannot gain full access. Although you've been permitted access to the club, you don't get into VIP unless you are known and trusted.
- Encryption: Encryption keeps data safe from unauthorized users. If an attacker steals an encrypted file, access is denied without finding a secret key which will unlock the file and reveal the data contents. The data is worthless to anyone who does not have the key. Just the same as if you have no ID, you don't get into the club. Admittedly this analogy is running out of ground...
- Physical Security: Cloud data centers are highly secure. Certified data centers have 24-hour monitoring, biometric security and sometimes armed guards. These places are more secure than almost all on-site data centers.
- Advanced Firewalls: Firewalls inspect traveling data packets (moving data). Simple ones only examine the source and destination. Advanced firewalls verify packet content integrity (what the data means). Clever algorithms then map the packet contents to known security threats and say yay or nay to data entering or exiting the cloud. A bit like a bouncer at your local club saying yes or no to guests based on previous experiences of having them trying to do snow angels on the dance-floor. You thought people would forget?
- Intrusion Detection: Online secure storage can serve many users at the same time and successful cloud security systems rely on identifying when someone tries to break into the system, both at the door and when inside. Multiple levels of detection ensure cloud vendors can even stop intruders who break past the network’s initial defences. To continue our club analogy, these are your bouncers inside the club monitoring the guests.
- Event Logging: Event logs help security analysts understand threats. Analysts use this data to build a narrative concerning network events. This helps them predict and prevent security breaches based on known patterns of behavior. For example, bouncers predict incidents based on experience from other nights in the club.
- Internal Firewalls: Not all accounts should have complete access to data stored in the cloud. Limiting secure cloud access through internal firewalls boosts security. This ensures that even a compromised account cannot gain full access. Although you've been permitted access to the club, you don't get into VIP unless you are known and trusted.
- Encryption: Encryption keeps data safe from unauthorized users. If an attacker steals an encrypted file, access is denied without finding a secret key which will unlock the file and reveal the data contents. The data is worthless to anyone who does not have the key. Just the same as if you have no ID, you don't get into the club. Admittedly this analogy is running out of ground...
- Physical Security: Cloud data centers are highly secure. Certified data centers have 24-hour monitoring, biometric security and sometimes armed guards. These places are more secure than almost all on-site data centers.
- Authentication: Weak passwords are the most common enterprise security vulnerability and it's not uncommon for users to write their passwords down. Multi-factor authentication can solve this problem. (MFA for next Prime Minister!)
- Awareness: In the modern office every job is a cyber-security job. Employees must know why security is so important and be trained in security awareness. Users must know how criminals may approach a cyber-attack - this leads us onto the next point.
- Phishing Protection: Phishing scams remain the most common cyber attack vector. These attacks attempt to compromise user emails and passwords by 'fishing' their data. Ever seen that email 'your money has been locked, enter your details to unlock'? That's phishing. Using this data, attackers can move through business systems to obtain access to more sensitive files.
- Breach Drills: Simulating data breaches can help employees identify and prevent phishing attacks. Users can also improve response times when real breaches occur. This establishes protocols for handling suspicious activity and also provides an apt time to give feedback to users on their security awareness.
- Measurement: The results of data breach drills must inform future performance. Practice only makes perfect if analysts measure the results and find ways to improve upon them. Quantify the results of simulation drills and employee training to maximize the security of cloud storage.
Educate Your Employees
Employee education helps enterprises successfully protect cloud data. Employee users often do not know how cloud computing works. Explain cloud storage security to your employees by answering the most commonly asked questions:
- Where Is the Cloud Located? Cloud storage data is located in remote data centers. These can be anywhere on the planet (sometimes even underwater). Cloud vendors often store the same data in multiple places. This is called redundancy.
- How is Cloud Storage Different from Local Storage? Cloud vendors use the internet to transfer data from a secure data center to users. Cloud storage data is available everywhere.
- How Much Data Can the Cloud Store? Storage in the cloud is exponentially large, almost unlimited to us. In a 2013 study it was predicted that over 1 Exabyte of cloud storage is in use - this is over 1,073,741,824 Gb's of data or if written, 50,000 trees made into paper and printed. Local drive space is limited. Bandwidth – the amount of data a network can transmit per second – is usually the limiting factor.A high-volume and low-bandwidth cloud service would run too slowly for meaningful work.
- Does The Cloud Save Money? Most companies invest in cloud storage to save money compared to on-site storage. Improved connectivity cuts costs. Cloud services can also save business money in disaster recovery situations.
- Is the Cloud Secure and Private? Professional cloud storage comes with state-of-the-art security. Users must follow the vendor’s security guidelines. Negligent use can compromise even the best protection.
Cloud Storage Security Best Practices
Cloud storage providers store files redundantly. This means copying files to different physical servers placed far away from one another. In a traditional office a disaster such as a fire would result in lost data and consequently lost business. In the modern office this data is stored in the cloud, copied to multiple data centers located throughout the region. A modern office would be able to recover overnight.
Redundancy makes cloud storage security platforms far less likely to occur. Cloud storage vendors measure hard drive failure and compensate for them through redundancy. Even without redundant files, only a small percentage of cloud vendor hard drives fail. These companies rely on storage for their entire income and so take every precaution to ensure users’ data remains safe.
This makes cloud storage an excellent option for securing data against cyber-crime. With a properly configured cloud solution in place, even ransomware poses very little threat. Simply wipe the infected computers and start fresh, all whilst data remains safe in the cloud.
Cloud storage providers store files redundantly. This means copying files to different physical servers placed far away from one another. In a traditional office a disaster such as a fire would result in lost data and consequently lost business. In the modern office this data is stored in the cloud, copied to multiple data centers located throughout the region. A modern office would be able to recover overnight.
Redundancy makes cloud storage security platforms far less likely to occur. Cloud storage vendors measure hard drive failure and compensate for them through redundancy. Even without redundant files, only a small percentage of cloud vendor hard drives fail. These companies rely on storage for their entire income and so take every precaution to ensure users’ data remains safe.
This makes cloud storage an excellent option for securing data against cyber-crime. With a properly configured cloud solution in place, even ransomware poses very little threat. Simply wipe the infected computers and start fresh, all whilst data remains safe in the cloud.
