As cloud storage grows more popular, cloud storage security has become an urgent topic. It's a topic that businesses realize can prove challenging. Creating a set of best practices that ensures data security presents a broad array of issues and risks.
That’s because cloud storage revolves around anywhere, anytime access to data and encompasses a broader set of users, applications and data sources. Even if a cloud isn’t breached, it’s possible for hackers to break into individual accounts on Google Drive, Dropbox, Box, Microsoft OneDrive and other cloud storage providers.
Here’s a look at what it takes to address cloud storage security and better protect cloud data:
Cloud Storage Protection Basics
A starting point for any cloud storage security initiative is to understand how data is stored in the cloud. At the most basic level, clouds rely on logical pools to store data across multiple servers. A storage service provider operates these systems, off premises, and connects the entire environment through a control node.https://o1.qnsr.com/log/p.gif?;n=203;c=204660761;s=10655;x=7936;f=201812281257540;u=j;z=TIMESTAMP;a=20400368;e=i
This control makes it possible for a person with an Internet connection to access files on demand. Such flexibility is increasingly critical as organizations look to become more agile and flexible.
Cloud data security typically involves a number of tools, technologies and approaches. A major advantage to the cloud is that many security elements are already built into systems. This typically includes strong encryption at rest and in motion. It may also involve:
- Geo-fencing. The use of IP addresses and other geolocation data to create a geographic boundary and identify suspicious activity.
- Policy-based lifecycle retention. Systems use data classification polices to manage and automate how data is stored, retained, archived and deleted.
- Data-aware filtering. This function allows organizations to watch for specific conditions and events – and who has accessed information and when they accessed it. It can be tied to role-based authorizations and privileges.
- Detailed logs and full user/workload audit trail reporting. The ability to peer into logs and audit workloads can provide insight into security concerns and vulnerability risks.
- Backup and recovery functions. These essential capabilities allow an organization to navigate an outage but also deal with security risks such as ransomware attacks and maliciously deleted data. Robust cloud-based disaster recovery solutions leads to availability across all conditions.
Cloud Storage Security Risks
Cloud data security involves more than simply backing up files. It’s also important to recognize that syncing files doesn’t ensure protection because key files may not be backed up. What’s more, commercial service providers have different ways of storing and managing files. They may or may not offer revision histories, and they may store previous versions for only a specific period of time. A 2017 Varonis Global Data Risk Report found that 71 percent of all folders contained stale data.
Too often, organizations wind up with valuable data residing unnecessarily in the cloud, or groups may erroneously believe that files have been backed up in the cloud. Without a clear understanding of where data resides and how data providers manage data, it’s impossible to develop an effective cloud data protection plan.
This lack of insight can wreak havoc if a breach takes place. An organization may find that critical files are suddenly not accessible – or they may no longer exist. On the other hand, IT managers may discover that critical data – that shouldn’t have been sitting in the cloud – was stolen. In a worse-case scenario, the data may wind up in the hands of hackers and thieves.
A crucial area of cloud data protection involves web application security. It accounts for 75 percent of all incidents flagged in an 18-month evaluation period, according to the 2017 Cloud Security Report from Alert Logic. In addition, web application security firm Veracode reported that 56 percent of all PHP apps alone had at least one SQLi vulnerability. These vulnerabilities invite brute force attacks, malware infections, undesirable outside reconnaissance, and denial of service attacks.
Another problem is inadvertently leaving old, unused and rogue devices and apps connected to the cloud. Shadow IT increases exposure points while increasing the sheer volume of data to oversee and protect. A device or password breach may allow hackers to gain access to a system.
How Safe is Cloud Storage?
There’s a growing recognition that major cloud providers typically deliver more robust security than on-premises systems. Alert Logic reported that firms experienced a 51 percent higher rate of security incidents at on-premises data centers versus public clouds. Among the key advantages of cloud storage:
- Clouds deliver greater end-to-end visibility into data and security practices.
- Clouds offer a single point of management for encryption keys.
- Vendors frequently offer centralized cloud storage controls for managing users and data.
- Clouds reduce and sometimes eliminate the need for on-premises security architecture that may be configured inconsistently or incorrectly.
- Cloud storage providers typically update systems quickly to reflect emerging or changing security threats.
Clearly, cloud storage adds additional concerns – and often complexity – to a data security strategy. It requires an enterprise to rethink cloud storage security standards. But it can ultimately result in lower costs and better overall data protection.
Cloud Storage Security Best Practices
It’s vital to establish a cloud storage framework and cloud storage security standards. Here are five cloud storage best practices:
Assess your cloud framework.
Secure cloud storage requires an organization to identify all the devices and apps that connect to the cloud. It’s also vital to understand what cloud storage systems exist within an enterprise, who uses them and how they use them.
An organization can achieve high security cloud storage by mapping how data flows across systems, devices, applications, APIS and clouds. Fortunately, many cloud storage applications display other apps and services they connect with. This can greatly simplify the task of mapping, and, if necessary, disconnecting from another app or service.
Determine how cloud storage providers address privacy and security.
Terms of service agreements are a good starting point for identifying the general protections a cloud provider offers. But it’s not enough to ensure secure file storage. Cloud vendors frequently update terms of service and user agreements. This makes it relatively easy to overlook a seemingly minor change that can have a major impact on privacy and security.
In addition, most agreements don’t cover the details of how a cloud storage provider implements security, what specific protections it uses, and what happens in the event of a breakdown or breach. As a result, it’s important to define policies and procedures closely. This may require further discussion and negotiation.
Know what protections are in place.
Cloud security encryption is a fundamental requirement. It’s important to know how a cloud storage provider uses encryption, including in transit between data centers, servers and storage devices – along with who controls encryption keys and how they are applied to specific data sets.
Likewise, an organization using a cloud provider should know who has access to systems and what other protections it has in place to protect against everything from distributed denial-of-service (DDoS) attacks to application security flaws.
Put data classification methods into motion.
All data is not created equal. Treating it the same is a recipe for security failures inside or outside a cloud environment. What’s more, data security is becoming more complex as organizations accumulate larger volumes of unstructured data.
Consequently, it’s important to understand the value of data, whether it should be stored in the cloud or archived on media such as disk or tape, and how all of this translates into risk tolerance for the enterprise. Another factor is data compliance for government regulations such Sarbanes-Oxley or the General Data Privacy Regulation (GDPR) in the European Union. Some cloud storage services offer built-in tools to facilitate these processes.
Use multi-factor authentication across all devices and systems.
The widespread use of multi-factor authentication can reduce the risk of someone gaining unauthorized access to a system or application and using it to unleash malware or gain a backdoor into other data. While the risk may be greater for administrator accounts, it doesn’t disappear for standard applications and tools. Multi-factor authentication can aid in protecting sensitive data from hackers, disgruntled employees and other insiders that may intentionally or inadvertently put data at risk.
In the end, an enterprise can achieve strong cloud data security by focusing on computing and data frameworks across vendors, and learning how to use and manage new tools and techniques. It's also essential to work closely with cloud providers to ensure that data storage security methods meet their requirements. A best practice approach helps an enterprise achieve the most secure cloud storage possible.