617.938.6200
In a recent study, the Ponemon Institute interviewed 3,476 IT professionals and IT security practitioners from the US and around the globe. It was discovered that 73 percent of respondents find cloud-computing and cloud-based services vital to their organization’s operations. 54 percent however, said that their companies don’t have a proactive approach to security. As cloud-computing becomes more useful and popular, it is critical to pay attention to the security of these cloud services, especially when the customer data stored in the cloud is the data most vulnerable to hackers. According to the report, “protection of data in the cloud is important but not practiced.” Security breaches result in a lack of customer trust, which leads to a decline in revenue.
Here are some of the top cloud-computing security threats:
1.It is difficult to implement security
“54 percent of respondents said it is more difficult to protect confidential or sensitive information when using cloud services.” Many respondents say that their companies are not compliant with data and privacy regulations. This left customer information as the most vulnerable data.
49 percent of respondents reported that their cloud services were implemented by a department other than IT, and 47 percent reported that their cloud environment was not managed by an IT department. This is a huge problem, given how difficult it is to apply “conventional information security in the cloud computing environment.” On top of that, cloud service providers are not always transparent, so it can be difficult to inspect them for holes in security without the help of an IT staff.
To deal with these intricacies and more, it is vital to have an IT team managing your cloud environment, to ensure best safety practices are being followed.
2.Lack of control over end user actions
Many end users are accessing data and information in the cloud, before it has been evaluated for security. When asked the reasoning behind this, 69 percent said that they could not control their end users, and 58 percent said there were not enough resources to conduct an evaluation.
Conducting security audits to determine user behavior and how users interact with cloud services can offer insights on security holes. It is important to monitor what users are accessing what information, and where that information is being stored. This is also an area where using a managed IT service could benefit you and your company.
3.Lack of encryption
While 72 percent of respondents agree that it is important to encrypt or tokenize sensitive data, only 39 percent said that this technology is actually being used by their company. Two-factor authentication also makes it tougher for hackers to bypass login credentials. These small extra steps add a lot of security.
4.Third party users have access to data stored in the cloud
58 percent of respondents reported that their companies allow third party users to access their information and data. 50 percent also said that their companies used multi-factor authentication for employee cloud access. However, “when asked the percent of cloud applications that have user-enabled access controls, the average is only 18 percent.”
Organizations need to be aware of what data third party users have access to, and limit access to sensitive information.
5. It is difficult to manage user identities
67 percent of users reported that it is harder to manage their user identities in the cloud than the “on premise environment,” yet organizations are not adopting easier and more secure methods.
“For example, 45% of companies are not using multi-factor authentication to secure employee and third-party access to applications and data in the cloud, which means many are still relying on user names and passwords to validate identities.”
NSK Inc. provides solutions to these security risks with the Pavis Backup and Disaster Recovery Solution. Pavis is unlike other Cloud Computing services on the market, as Pavis employs a Hybrid Cloud model that fuses the scalability of a Public Cloud with the security of a Private Cloud. Learn more, here.
(photos curtesy of Google images)