Stuart Gentle Publisher at Onrec

Understanding the security risks of the cloud

More companies than ever are dedicating a larger percentage of their IT budgets to Cloud computing.

This isn’t a surprise considering the cloud provides instant access to data and applications on practically any internet-connected device. Cloud computing also offers businesses countless other benefits, including increased scalability, improved collaboration, and reduced overheads.  But as businesses race to the cloud to partake of them, the security risks can be overlooked.

It’s essential that when considering the move to the cloud, that businesses partner with expert IT partners and service providers who can prevent and avoid costly security breaches and mistakes from occurring.

A leading IT consultancy firm (Computer Geeks) have shared their top 5 tips for businesses to understand the security risks of the cloud and how partnering with a trusted IT provider can make all the difference when it comes to avoiding these risks:

1.    Ensure that you have complete visibility into your IT providers security infrastructure and settings.

When a business migrates to the cloud, a third-party provider is responsible for managing their data and applications. Make sure that they’re doing this securely. Ask your IT provider whether they use advanced intrusion prevention systems and threat detection techniques. Even if your cloud provider claims they will keep your data safe under their supervision, it’s still important for you to have complete visibility into their security infrastructure and settings.  Ask for a copy of their latest security audits and inquire about previous instances of data loss. This should give you a rough idea of the level of security they provide. Since your data will be stored off site, it’s also a good idea to ask them where precisely it will be stored and for their policies on reporting cybersecurity incidents. Then, find out which files and apps they are responsible for protecting and what security features they offer.

2.    Assess the physical security of your IT provider’s facilities

Employees or cybercriminals breaking into server rooms can’t be dismissed, so it’s important to assess the physical security of your provider’s facilities. Ideally, your contract should plainly state who is authorised to look after your servers, and ensure your provider has surveillance systems to deter break-ins.

3.    Make sure your provider has enabled multi-factor authentication

For the most part, major cloud vendors use robust security measures to keep cybercriminals at bay. But when hackers can’t get into cloud-hosted servers via conventional cyberattacks; they resort to social engineering tactics to bypass security systems and steal your users’ login credentials.

To mitigate this risk, make sure your provider has enabled multi-factor authentication; to add an extra layer of verification in addition to strong passwords. Another important element to consider is your access settings. This allows you to assign privileges to specific users, which will prevent hackers from stealing sensitive documents if they ever manage to breach your first-line defences.

The surest way to stay safe in the cloud, however, is to provide security training to your users. Employees should be trained to the point where they can identify fraudulent emails, links, and websites at a glance as well as fully understand that passwords must be more than 8 characters long and include a combination of letters, numbers, and symbols.

4.    Check that ‘multitenancy’ doesn’t lead to your data being compromised

The main concern about cloud servers is that; they’re shared with other customers called “tenants,” whose questionable data and account management practices can compromise your files. And if cloud providers aren’t careful, sensitive data could leak into another tenant’s account.

Fortunately, these problems are easy to avoid. For instance, encrypting files before uploading them to the cloud prevents unauthorised users from accessing or modifying them. It’s also best to ask your provider for any guarantees that your data is completely segmented from other tenants’ systems.

But if you’re still weary of sharing with other tenants in a “public cloud” environment, hybrid cloud environments provide a safer option. They allow you to store your most sensitive files in a private server while keeping less sensitive documents in a public server.

5.    Check your IT providers data backup, recovery strategies and service level agreements.

Whether your data is stored on-premises or in the cloud, the threat of downtime-inducing cyberattacks is real. As such, your provider must have high uptime guarantees and a comprehensive data backup and recovery strategy; listed in their service agreements.

A good service agreement is when the provider promises to duplicate and store your data in multiple, failure-free data centres. This way, if their primary server goes down; you’ll have complete confidence that they can keep your business running on a secondary server.

Considering the above list, it’s understandable to think that storing data in the cloud is risky. But with the right tools and an expert cloud provider, you’ll never have to worry about these risks.