Cloud Storage Security
Is information stored in the cloud secure? It’s fair to say that 2019 was the year that cloud computing went mainstream, though despite many businesses willingness to migrate data away from local storage, there remains concerns about the overall security of storing and processing information in the cloud.
As with any systems or technology, the decision to make a significant change to how you do business is always going to be a balancing act; weighing the positives against the negatives and considering what will work best for your needs.
Though there has been a great deal of talk about how cloud storage services will revolutionise operations, we must ask, to what extent are these claims true? And, just as importantly, Is Information Stored in the Cloud Secure?
What is the Cloud?
In their most basic sense, cloud-based services provide off-site storage and computing for organisations or individuals. The physical location of data is in enormous warehouses across the world, a provide a cheaper, reliable and easily accessible alternative to locally stored files. But again, you ask, is information stored in the cloud secure?
What Kinds of Cloud Services are Available?
There are various cloud computing services, from the common forms of individual storage, such as Dropbox or iCloud to more complex services such as networking, processing power, to artificial intelligence systems. Cloud computing essentially encompasses any service that doesn’t require physical access to the computer hardware being used.
Why are Businesses interested in Cloud Security?
One of the reasons for some anxiety regarding cloud storage may be because the inherent, round-the-clock dependency that comes with entrusting another party with the confidentiality, integrity and availability of your data.
Though an organisation, or systems administrator will be in control of the data being handed over, in some sense they are relinquishing control over to another. But of course, in many instances, this may not be a bad thing; in fact, it may just save your organisation in the event of an information security attack.
Not only can cloud services, such as AWS, Azure and Oracle provide the opportunity for organisations to save a great deal in hardware costs, in some ways information in the cloud is more secure. With the increased frequency and severity of malware and ransomware attack, infrastructure as a service (IaaS) is now big business.
Kept behind lock and key at huge data facilities, providers can often offer a far more sophisticated service than individual companies could realistically build themselves, whilst reducing the need to keep on-site technical staff.
Cloud Storage Risks
Though cloud security is undoubtedly very strong, often with far more invested in data security than an individual company could manage, the cloud is not without its security issues.
Firstly, with your data stored by an external party, the possibility arises that government’s or other entities, local to its place of storage, may be able to gain access to your information. Though this may not be an immediate or obvious concern for all businesses, if you’re working with particularly sensitive information, certain cloud storage providers may not be your best option.
Also, using the cloud to store data does not necessarily make all parts of your network immediately secure; the various weaknesses that can threaten any organisation, still apply, with human error often at the forefront of this threat.
One issue may also be the upfront costs to organisations that migrating data and systems across to the cloud will incur. Though in the long term a business may save money by moving this infrastructure and data off site, depending on many variables, IT budgets may not stretch to meet these costs in the short term.
Finding the expertise may also be an issue for businesses, as the technical knowledge to facilitate this change may not be immediately available. The shortage of technical skills spans across many domains, including cyber and information security, not to mention cloud specific DevOps.
Advantages of Cloud Computing
As previously mentioned, there are several obvious advantages to cloud computing including the potential cost saving, as well as the deferred responsibility of another party managing the physical infrastructure of your computing needs.
Another advantage is the ability for a business to easily scale its storage or processing power as needs dictate. This feature means cloud computing is an appealing option to start-ups and other growing businesses whose computational needs are not fixed and would otherwise need to continuously be building and advancing their physical systems and collection of hardware.
Much of the time with cloud computing services, a business will only pay for the resources being used, meaning that projects and tests may be carried out without big upfront costs and the need for the time usually spent on procuring hardware.
Worth noting is fact that cloud storage invariably saves data in an encrypted form, meaning cloud-based data will, whilst in storage be strongly protected against threat actors and will likely comply with data protection regulations requiring information to be obfuscated.
Cloud services can also be used for backing up data, and for many individual users, this may be the sole reason for using the cloud. In the event of a ransomware or any malware attack, locally store data may be rendered inaccessible. To avoid the need for paying ransom or other lengthy and expensive data recovery processes, a separate copy of data should be kept for purposes of data restoration.
Does Location Matter?
Though many cloud computing services emphasise the idea of your data being stored away in some immediately accessible nether zone, the geographical location of the centre where your data is being stored, depending on your organisational needs, may be important to consider. Not only for practical issues, but in regard to security also.
Firstly, though bytes move fast, if the data centre you are using is located on the other side of the world, you may notice things moving a little more slowly than if it was on the other side of your town. Secondly: local laws matter.
Certain legislation, for instance the European Union’s General Data Protection Regulation (GDPR), can contain stringent rules on the transport and storage of personal data. For instance, under GDPR the data of EU citizens cannot be exported out of the EU without assurance that the host nation upholds data protections standards equivalent to that of Europe’s.
Maximising Cloud Stored Data Security
As with all elements of IT infrastructure, information security should always be at the forefront of an organisation’s strategy. With cloud-based computing, there are plenty of steps that can be taken to improve a businesses ability to secure its data.
Though previously noted that cloud stored data is invariably kept in an encrypted form, and can be considered generally secure, it should be known to all members of staff, decryption keys must be kept as confidential and secure as possible.
There are many methods which can be utilised by malicious parties to gain this highly sensitive information, and human error, malicious or negligent, is a significant contributor to failures of confidentiality. To combat this issue, regardless of cloud usage, proper training should be prescribed to any staff with access to sensitive information/logins credentials.
An effective information security strategy should also keep in mind the principle of redundancy, particularly regarding the creation of backups. In the event of catastrophe, let’s say a ransomware attack, it would be of little comfort to discover that backed up data was also infected or physically compromised because of poor security planning.
Backups should be kept separate and secure, away from the original location and outside of the normal points of failure that would render it useless. With particularly sensitive information, multiple backups should also be considered, possibly even with different cloud service providers.
Conclusion on Cloud Security
Depending on your organisations needs, cloud computing can offer a secure, cost effective, and versatile storage and processing solution. Though it is not inherently solving all your information security needs; for those of you asking, ‘is information stored in the cloud secure?’, the reality is cloud computing is only as strong as it’s users.
If you’re currently in the process of deciding key elements of your IT infrastructure and wondering about the general security, as well as finding out all you can about the cloud service provider’s security, it’s probably time to start asking the difficult, but necessary questions about staff and security.
No matter how your data is structured and stored, it’s never a bad idea to take steps to help eliminate or minimise the information security threat that arises from human error.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
The Biggest Data Breaches and Hacks of 2019: As a new year begins, it's time to begin reflecting on what has been observed. Blog by Hut Six
Google Chrome introduces new password safety features. Cybersecurity blog by Information Security awareness training provider Hut Six.
What is pseudonymisation, and why it important to GDPR compliance? Blog from information security awareness training provider Hut Six.
An extremely serious Windows 10 Security Flaw has been exposed by the NSA. Blog by cyber security awareness training provider Hut Six.
How safe is WiFi? Use these WiFi safety tips to help keep you secure online. Blog from cyber security awareness training provider Hut Six.
Travelex enters its third week of shutdown at the hands of a ransomware attack. Cyber Security blog by cyber security awareness training provider Hut Six.
Malware is a persistent threat that can affect every aspect of our digital lives. Identifying, avoiding and removing it are essential to your information security.
How can simulated phishing attacks improve your organisation's security awareness? Blog from information security awareness training provider Hut Six.
The CIA triad consists of three principles upon which professionals typically focus. Blog by Information Security awareness training provider Hut Six.
Will Certificate Transparency Help to Rebuild Confidence in Certificate Authorities? Blog by information security training provider Hut Six Security