There has been a lot in the news recently about security breaches: the Heartbleed bug, NSA snooping and, before all that, the leaked documents published on Wikileaks. All of these breaking-news security scandals have caused deserved concern about how secure our computers and networks really are.
With the advent of Cloud computing (a form of computing which leaves the user with less control over their stored data), security concerns have turned toward it. In this blog we want to look at the potential risks and at what we consider to be the biggest cause for concern: the human element. But first, a look at Cloud technology.
Cloud services can be broken down into 3 categories:
- Software as a Service (SaaS): the customer can use the provider’s tools running on a cloud infrastructure. The tools can be accessed through a web browser. An example of this would be accessing your email through Internet Explorer.
- Platform as a Service (PaaS): this allows the customer to deploy his or her applications on to the cloud without having to do so on the local machines.
- Infrastructure as a Service (IaaS): this gives the customer the ability to provision processing, storage, networks and other critical computing resources on a cloud infrastructure in order to run software such as an operating system and certain applications.
Whether we realize it or not, a lot of our day-to-day activities have moved from the physical world to the Cloud. For example, instead of going to the store to buy a pair of jeans, it's more convenient to pick up your computing device and order your jeans from an online retailer. For that transaction to take place, you have to give out some very personal and sensitive information, like a home address and credit card number. What are the consequences of this information being hacked into?
What about your workplace, where documents that were once all stored on your hard drive are now being uploaded to a cloud-based storage system? What happens when someone breaks into the network and is able to steal confidential information?
According to businesses that provide cloud-based services, security is built into the DNA of cloud computing. On top of that, there are several key world-class industry standards and certifications that cloud computing providers should be adopting to give consumers the confidence that the solution they are providing is robust and secure. For example, SharePoint is ISO 27001, HIPAA and FISMA certified amongst others.
The reality is that no matter how strong your security architecture is, it will not keep your business secure unless the proper processes and effective controls are put in place to control the human factors that compromise security. Human factors are the number one cause for security issues in the Cloud but we believe that with the right approach to Cloud security they can all be managed effectively.
The purpose of this blog is to point out 3 of the top causes of security breaches that involve the human element, and they are:
- Absence of proper employee background checking and weak hiring processes - this is critical as some privileged users in an organization have literally unlimited access to sensitive Cloud data.
- Insufficient training related to security - as previously stated, humans tend to be the weakest link in information security, and this holds true in any type of organization. But when you factor Cloud services into this scenario the impact will be larger, as there are more people interacting with the Cloud, such as end users, suppliers, Cloud service providers and even third-party providers.
- Lack of customer background investigations - this might not seem obvious at first but Cloud service providers need to be more vigilant as to who is opening an account with them. The scenario that anyone with a credit card and an email can open an account should not exist.
Security experts need to be able to see and detect risks in all areas related to Cloud computing: technologies, processes and especially people. Technology and processes are much easier to deal with as they run and follow a predetermined program and path. People on the other hand generally tend to want to veer off even the best formulated processes.
The Cloud is already gaining momentum and that means more and more people are interacting with each other and the Cloud in a variety of complex process flows. Security professionals have a tough job ahead in coming up with solutions to keep employees following stringent security protocols so that their Cloud remains secure and people proof. Make sure to keep an eye out for our future blog on best practices for maintaining a secure Cloud with the very best BrightStarr top tips.