Cloud Security Is In Decline – What Are Your Options?


Have you ever felt that awful feeling that the ship you’re on is slowly and steadily sinking, and no one’s telling you a thing about it? If you are in the cloud, then you should know the feeling, because while your captain is reassuring you that everything is A-OK, new holes start appearing in every new version of the product every day, allowing more water to seep in above the keel.

Cloud security has been in a steady decline ever since the cloud existed. It’s just too juicy a target not to try to hack. Imagine yourself as a hacker. You’re a 30-something-year-old geek who’s trying to get a name for himself. One of the quickest ways to do that is to exploit some vulnerability found in an enterprise. You see, hacking individuals is fun and all, but it’s not going to get you kudos among other hackers. Take down an entire enterprise, and you’ve earned yourself a badge. You hear about this “cloud thing” and it piques your interest, not because it’s one of the coolest booms of innovation to ever hit the internet, but because lots of enterprises park their sensitive stuff right there.

This kind of mentality has led to a constant struggle between cloud providers and hackers, and guess who’s losing? It’s not those college kids or basement dwellers living with their moms. It’s the company that’s giving you the services you depend upon, and I guarantee that you’ll experience the wrath of a compromise one day if you’re not careful.

What makes this security problem worse is what is known as the identity and access management (IAM) gap. Basically, as the Cloud Security Alliance puts it, your employees have as much access to the cloud as you do, and activities happen without the knowledge of your IT staff. This creates a snowball effect where little pieces of information about your enterprise fall bit-by-bit into the hands of companies you don’t know you can trust. Essentially, you’re exposing yourself to a vulnerability without even being equipped to know about such vulnerabilities. Added to this, managers are prone to making mistakes in their adjustments of access management, which in most businesses is currently based on the honor system as opposed to being based on something more concrete, such as a database of users and access groups that can be transparently managed.

This, and your inability to take action quickly, spells an embarrassing future for you!

When the cloud first came into existence, some very smart people were warning everyone about possible security vulnerabilities that might exist in some applications. Now, enterprises on average run about one-third of all their mission-critical applications on the cloud. There seems to be no turning back for these businesses, and if you are running one, it’s time you learned what you have to do in order to prevent yourself from getting into a mess that’s difficult to climb out of.

The Road to Iron-Tight Cloud Security

It’s very difficult to give up on a product that’s making you more revenue and producing fewer headaches. But you can’t ignore the fact that migrating over to the cloud, coupled with the bring-your-own-device (BYOD) phenomenon, can present new challenges for IT departments that have little to no knowledge of what goes on outside their spheres of influence within the enterprise. For this very reason, you need to do a few things:

1) Adopt a BYOD policy and enforce it!

If you’re going to have BYOD, don’t just let people do what they want on their devices. Be serious about the threats that come with BYOD and address them. Have employees use your applications to bring their work onto their mobile devices. Use a security solution that allows you to track said devices and wipe them if they’re lost.

There’s another way around BYOD, though. Simply forbid employees to use their devices for work, but offer them company devices that are either partially or fully subsidized by you. This way, they will be able to compartmentalize life and work while still being able to maintain a high level of privacy and comfort on their own personal devices.

2) Doing backups? Rely on yourself!

It is immensely difficult to set up a backup solution that will be able to store files in a central repository and synchronize folders efficiently. That’s why you don’t have to do it. No, we’re not talking about sticking to the cloud. Instead, you can move the cloud to you. Just use a private cloud backup solution with end-to-end encryption. Make sure it doesn’t “phone home” in any transaction. In other words, as long as you have a private cloud server that doesn’t communicate with the outside world, but backs up via intranet, you could end up with a secure backup method that won’t put your company at risk. Of course, you have to set it up correctly, too.

3) Use a transparent, concrete, and highly-secure identity management solution.

If you’re not taking care of your identity infrastructure, anything else you do for security is worthless. The biggest problem in identity and access management is making sure that your employees are not using cloud apps all willy-nilly without any supervision, right? What if you could have an environment that shows you detailed audits of application access and stores all of the identities in your infrastructure in a safe location? What if that environment allowed everyone to keep the encryption keys in their hands rather than storing them on the server?
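As an added illustration (not from the original article or any product it mentions), here is a minimal audit of application access checked against a database of users and access groups, which is the concrete alternative to the honor system described earlier. The host names, users, groups and log format are all constructed for this example.

```python
import csv
import io

# Constructed access-group database: application host -> groups allowed to use it.
APP_GROUPS = {
    "crm.example.com": {"sales"},
    "payroll.example.com": {"finance", "hr"},
}
# Constructed identity store: user -> groups the user belongs to.
USER_GROUPS = {
    "alice": {"sales"},
    "bob": {"finance"},
    "carol": {"engineering"},
}
# Constructed outbound proxy log: timestamp,user,destination host.
SAMPLE_LOG = """\
2024-05-01T09:00:00Z,alice,crm.example.com
2024-05-01T09:05:00Z,carol,payroll.example.com
2024-05-01T09:07:00Z,bob,files.unsanctioned.example
2024-05-01T09:09:00Z,bob,payroll.example.com
2024-05-01T09:12:00Z,dave,crm.example.com
"""

def audit(log_text, app_groups=APP_GROUPS, user_groups=USER_GROUPS):
    """Return (timestamp, user, host, finding) for every access that is not authorised."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # blank line
        if len(row) != 3:
            findings.append(("", "", ",".join(row), "malformed-row"))
            continue
        ts, user, host = (field.strip() for field in row)
        host = host.lower()
        if user not in user_groups:
            # Identity that IT has no record of.
            findings.append((ts, user, host, "unknown-identity"))
        elif host not in app_groups:
            # Cloud app in use without IT's knowledge (the IAM gap).
            findings.append((ts, user, host, "unsanctioned-app"))
        elif not (user_groups[user] & app_groups[host]):
            # Known user, known app, but no group grants the access.
            findings.append((ts, user, host, "not-in-access-group"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding, sep="  ")
```
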

These are not the only options you have, but take them as a starting point to make sure you have less to worry about. As they say, get back to the basics and look at the fundamentals.

Have any more options to add to this list? Let me know in the comments and I might update the article.


This article was first published on PerfectCloud Blog. Visit the blog to read more about cloud computing, security and privacy.

About Mayukh Gon

Mayukh is the Founder/CEO of PerfectCloud Corp. He has over 15 years of experience working in the technology industry, specifically Middle-ware technologies, Software Development, Identity and Access Management. His company PerfectCloud Corp. is an innovative Cloud company which makes products for enterprises to provide them complete security & privacy for their identities, access and data.
