Security in the cloud

There has been a lot in the news recently about security breaches. The Heartbleed virus, NSA snoopings and before all that, the leaked documents published on Wikileaks. All of these breaking news security scandals have caused deserved concern about how secure our computers and networks really are.

Security in the cloud

With the advent of Cloud computing (a form of computing which leaves the user with less control over their stored data) we have seen security concerns turned its way and in this blog we want to look at the potential risks and what we consider to be the biggest cause for concern; the human element. But first a look at Cloud technology.

Cloud services can be broken down into 3 categories:

  1. Software as a Service (SaaS): the customer can use the provider’s tools running on a cloud infrastructure. The tools can be accessed through a web browser. An example of this would be accessing your email through Internet Explorer.
  2. Platform as a Service (PaaS): this allows the customer to deploy his or her applications on to the cloud without having to do so on the local machines.
  3. Infrastructure as a Service (IaaS): this gives the ability to the customer to facilitate processing, storage, networks and other critical computing resources on to a cloud infrastructure in order to run software such as and operating system and certain applications.

Whether we realize it or not a lot of our day to day activities have moved from the physical world to the Cloud. For example, instead of going to the store to buy a pair jeans, it's more convenient to pick up your computing device and order your jeans from an online retailer. For that transaction to take place, you have to give out some very personal and sensitive information, like a home address and credit card number. What are the consequences of this information being hacked into?

What about at your work place, where once all documents were stored on your hard drive now they are being uploaded to a cloud based storage system. What happens when someone breaks into the network and is able to steal confidential information?

According to businesses that provide cloud based services, security is built into DNA of cloud computing. On top of that there are several key world-class industry standards and certifications that cloud computing providers should be adopting to give the consumers the confidence that the solution they are providing is robust and secure. For example, SharePoint is ISO 27001, HIPAA and FISMA certified amongst others.

The reality is that no matter how strong your security architecture is, it will not keep your business secure unless the proper processes and effective controls are put in place to control the human factors that compromise security. Human factors are the number one cause for security issues in the Cloud but we believe that with the right approach to Cloud security they can all be managed effectively.

The purpose of this blog is to point out 3 of the top causes of security breaches that involve the human element, and they are:

  1. Absence of proper employee background checking and weak hiring processes - this is critical as some privileged users in an organization have literally unlimited access to sensitive Cloud data.
  2. Insufficient training related to security - as previously stated humans tend to be weakest link in information security and this holds true in any type of organization. But when you factor Cloud services into this scenario the impact will be larger, as there are more people interacting with the Cloud such as end users, suppliers, Cloud service providers and even third party providers.
  3. Lack of customer background investigations - this might not seem obvious at first but Cloud service providers need to be more vigilant as to who is opening an account with them. The scenario that anyone with a credit card and an email can open an account should not exist.

Security experts need to be able to see and detect risks in all areas related to Cloud computing: technologies, processes and especially people. Technology and processes are much easier to deal with as they run and follow a predetermined program and path. People on the other hand generally tend to want to veer off even the best formulated processes.

The Cloud is already gaining momentum and that means more and more people are interacting with each other and the Cloud in a variety of complex process flows. Security professionals have a tough job ahead in coming up with solutions to keep employees following stringent security protocols so that their Cloud remains secure and people proof. Make sure to keep an eye out for our future blog on best practices for maintaining a secure Cloud with the very best BrightStarr top tips. If however you can't wait to discuss some of these concerns face to face, then why not join our upcoming Cloud Seminar via the button below, and chat to us at our event in London on May 21st.

Sam Hassani Principal Consultant

‘Sensible’ Sam is an asset to the consulting team. Having jumped the fence from Microsoft a few years back, he now consults and designs large scale SharePoint, O365 and Azure solutions for BrightStarr. His conscientious approach got him his nickname, and although he’s not afraid to take risks, he’s always a safe bet. Delivering stable, well thought out solutions time and time again.

In his previous job, he specialized in SharePoint, working in the field and with the product team, Sam is genuinely excited by his vocation and speaks at conferences and events with enthusiasm. Just don’t get him started on hybrid search! At the weekend Sam likes to ride his road bike and hang out with his young son.

Twitter Feed

Where Next? Relevant Stories and Insights.

Private Azure Cloud with Windows Azure Pack
Private Azure Cloud with Windows Azure Pack
Microsoft have recently released the trial version of the Windows Azure Pack.
Getting the most out of SharePoint end-user training
Getting the most out of SharePoint end-user training
SharePoint is the fastest selling technology from Microsoft, thus inevitably every week or so there are groups of people waking up and attending SharePoint training sessions mandated by their employer, however it's important to realise that not all training sessions are made equally. How well the trainer performs can echo deep into user adoption and consequently, into the longevity of the platform.
Why you can't launch SharePoint and let go
Why you can't launch SharePoint and let go
Most people know that SharePoint is an exceptionally powerful productivity tool for the enterprise but to really get the most out of a SharePoint Intranet you have to consider your organization's 'SharePoint journey'.