Cloud Computing in the Age of the Data Breach

In the past few years, many organizations and consumers have considered how to leverage the cloud. Just shy of the IDC prediction, the global cloud market is now worth $95.8 billion. Further growth in 2015, projected at 23.2 percent, shows that many organizations are ready to shift to a cloud strategy. We’re now presented with a world of opportunity where users are no longer shackled by storage or computational barriers, and content is easily shared across all platforms.

But we’ve come to learn that with opportunity also comes risk. These risks could result in potentially irrevocable damages for businesses – potentially tarnishing a brand name and affecting a company’s future. In order to prevent such events, organizations have begun taking measures to increase physical and data security to boost confidence in the technology.
Despite these efforts, a disconcerting result was that data security didn’t line up with the majority of ways data was actually breached in 2014. While I commend the efforts of many cloud providers and online services, some of the major culprits still exist:

• Cross site scripting (XSS): A type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

• Denial of Service (DoS): An attempt to make a machine or network resource unavailable to its intended users. Although the means, motives, and targets for carrying out a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

• Phishing: A classic cyber-criminal technique where falsified communications (emails and instant messages) are sent to users disguised as a legitimate communication. First appearing in the mid-90s, this attack is still responsible for some of the largest and most catastrophic attacks today.

Keeping these basic threats in mind, I recommend organizations implement different approaches for securing their cloud operations. Here are four ways to protect sensitive data from future attacks:

1. Decentralization: An attempt to improve speed and flexibility by reorganizing networks to increase local control and execution of a service. This also helps prevent maximum damage from data breaches by spreading data out over different networks or servers.

2. Front Door: Think of your organization as a home to your data. The primary point of entry in a home is the front door.Make sure you have a sturdy lock installed by preventing instances of accidental breach (e.g. users having too much permission as well as leaving passwords out in the open or making them too simple), social engineering, or exploiting password reset. Host training sessions for your employees on security best practices such as password design and storage.

3. Just-in-Time Access: Access is granted on an as-needed and only-at-the-time-of-need basis. After the predetermined duration expires, the user loses access. This type of protection is most helpful when dealing with contract-based or temporary employees.

4. Traceability: Overcoming non-transparency concerns by reproducing and displaying the chain of events from log information indicating human operations, file transfers, and process activity as well as information from related systems – such as authentication and equipment management systems. This allows organizations to track the transfer of data so it is not shared with outside entities or stored by employees for unlawful use.
2015 should be a year in which we do not fear the cloud or online services – it should be a year where we not only entrust providers like Microsoft, Amazon, Google, and Rackspace to safeguard our critical information on their platforms, but also fortify our own efforts to guard the front door.

This blog post was written by Shyam Oza, Senior Product Manager, AvePoint.

AvePoint are already signed up as a platinum sponsor for ESPC15. For more on Sponsorship opportunities please email maureen@sharepointeurope.com

AvePoint is the established leader in enterprise-class big data management, governance, and compliance software solutions for next-generation social collaboration platforms. Founded in 2001 and headquartered in Jersey City, NJ, AvePoint serves over 13,000 organizations worldwide. AvePoint is privately held and backed by Goldman Sachs and Summit Partners.