Introduction
You may hear the term “cloud security” used frequently, but what does it mean? To understand cloud security, you first need to understand what the cloud is. The “cloud” is not a big white fluffy thing in the sky waiting to ruin your sunny summer day; rather, the cloud is a massive group of industrial computers, known as servers, and a large number of computer networks. The servers are the heart of the cloud. They process all of the data that flows in and out of the cloud and perform operations on it, such as encrypting or storing it. The cloud processes petabytes (1,000,000 gigabytes) of data every single day. Much of the data flowing through the cloud contains personally identifiable information (PII). PII can be thought of as a digital fingerprint and is often used by hackers to identify a person who would otherwise be anonymous on the internet. By law, PII must be protected from hackers through techniques such as data encryption. The protection of sensitive data is one of the main reasons why cloud security is relevant.
Threats to Cloud Security
One of the most consistent threats to the security of cloud environments is human error. Often accidental, a human error such as a misconfiguration can have significant repercussions for cloud environments, ranging from overloaded system resources to significant downtime. If a vendor is a cloud reseller, extended periods of downtime can result in a violation of Service Level Agreements (SLAs), potentially accruing fines and other legal consequences. Other threats include bring your own device (BYOD) policies and social engineering. Bring your own device is a catch-all term for a policy that allows employees to bring their own personal computing devices for company use. BYOD poses a risk to cloud services because personal devices are often unsecured and can widen the attack surface of a company’s network. Social engineering, on the other hand, takes advantage of weaknesses in human behavior. Social engineering attacks can include but are not limited to:
- Phishing
- Spear phishing
- Vishing
- Whaling
- Shoulder surfing
- Impersonation
- Dumpster diving
Social engineering can be combatted with end-user training and regular security workshops, whereas concerns about BYOD and many other cloud security issues require more of a technical solution.
What’s the Solution?
There are a few tried and true solutions to secure cloud data. The most common solution is to use encryption to secure data. To be secure, all data must be encrypted before being uploaded to the cloud (preferably using AES 256-bit encryption). Next, all connections to the cloud must be encrypted using an end-to-end encrypted connection. An end-to-end encrypted connection encrypts user data on the sending device, in transit, and on the receiving device.
Note: Make sure encryption keys are stored in a safe and secure place. If the encryption keys are lost then access to the data encrypted with those keys is lost as well.
Finally, make sure to utilize cloud security features such as cloud-based firewalls, network segmentation, and security appliances (e.g., CASBs). Following best practices can significantly reduce cloud security concerns, as can a proper risk assessment.
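The encrypt-before-upload step and the key-storage note above can be seen in a short Go program (an added example, not code from the original article) that seals a record with AES-256-GCM on the client and shows that decryption fails once the key is gone. The function names, the `objectName` parameter and the sample record are assumptions made for illustration; only the Go standard library is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds an AES-GCM AEAD; the [32]byte type forces a 256-bit key.
func newGCM(key *[32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts on the client before upload and returns nonce || ciphertext+tag.
func Seal(key *[32]byte, plaintext []byte, objectName string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every object
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// Open decrypts a downloaded blob; a wrong key, name or any altered byte fails.
func Open(key *[32]byte, blob []byte, objectName string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(objectName))
}

func main() {
	var key, lost [32]byte // real key stays outside the cloud; lost simulates a lost key
	rand.Read(key[:])
	blob, _ := Seal(&key, []byte("name=Jane Doe"), "customers/0001") // constructed sample
	fmt.Println(Open(&lost, blob, "customers/0001"))                 // authentication error
}
```

The object name is authenticated but not encrypted, so a blob copied under a different name is rejected on download just like one that was modified.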