If there is one thing everyone knows about cybersecurity, it’s this: The cloud is secure. But as with everything in technology, what everyone knows is changing yet again. Bad actors — both rogue and state-sponsored — have aimed their recent attacks at what has traditionally been perceived as the internet’s impenetrable security stronghold. Last year’s Russian-sponsored Sunburst attack affected more than 100 major corporations and several U.S. federal agencies — including the Departments of the Treasury, Energy, Justice, and Homeland Security. In May, Foreign Policy reported, “A crucial part of the Russians’ success was their ability to move through these organizations by compromising cloud and local network identity systems to then access cloud accounts and pilfer emails and files.” And the Sunburst attack wasn’t the only recent instance of cybercriminals exploiting cloud vulnerabilities.
The cloud is under attack
As cloud-based systems become the standard for personal, corporate, and government information technology, the potential for massive security and economic disruption increases exponentially. A relatively small number of service providers also “concentrate key security and technology design choices inside a small number of organizations. The consequences of bad decisions or poorly made trade-offs can quickly scale to hundreds of millions of users.”
The Sunburst attack revealed critical problems with cloud security. First and foremost, was the failure — particularly on the part of the U.S. federal government — to accurately assess and manage cybersecurity risk from both the government’s perspective and that of malicious actors. Second, the shared responsibility model of cloud-based security puts the burden of permissions management and boundary definition on users. Providers then act as enforcers. The shared responsibility model is useful in theory, but it depends on user knowledge and technological capabilities, the protection of “linchpin technologies” on which multiple critical systems depend, and awareness of increasing security risk as cloud computing continues to expand.
Infosecurity Magazine reports, “The volume of attacks on cloud services more than doubled in 2019, in line with the trend of organizations increasingly moving operations to the cloud.” As the cloud continues to grow in popularity, it becomes more tempting prey for bad actors and is now among the top three targets for cybercriminal activity.
Is it time to panic? Should you move your data storage back on-site? Not just yet.
The cloud is still more secure
Despite what appear to be dire straits, TechBeacon says, “Moving your data to a reputable cloud hosting service such as Amazon Web Services or Microsoft Azure provides a level of security that can’t be duplicated on site. That’s because most organizations simply don’t have the financial or staffing resources to provide the same security benefits as large cloud services providers can.”
Cloud service providers (CSP) use multiple layers of both physical and digital security protection. CSP data centers are surrounded by barriers, patrolled by guards, and monitored by video surveillance. Cloud storage restricts on-site access to your data by your visitors, vendors, and even unauthorized employees. CSPs also guarantee reliable access to the data you need when and where you need it with redundant storage and real-time updates to prevent data loss.
Recent cyberattacks highlight a need for more cybersecurity, but CSPs remain the bastion of cybersecurity expertise and development. CSPs use state-of-the-art multifactor authentication and access control systems to give your data the best available protection from cybercriminal breaches. Your data is still safer in the cloud than it ever was down the hall.
Shoring up cloud vulnerability
With an ongoing cybersecurity talent crunch, finding qualified staff is difficult for companies that can afford to pay top dollar. So, what can you do to protect your company’s data when cyberattacks are on the rise and even the unassailable cloud is showing weakness?
Start with a good, long look in the mirror. Are your cybersecurity efforts the best they can be? Are you unintentionally undermining cloud security? Many of the top cloud security concerns are caused by knowledge gaps on the user end. If you don’t have a seasoned cybersecurity team, you might have flaws in your security strategy. Are you vulnerable to:
- Unauthorized access from unrestricted access controls?
- Misuse of employee credentials?
- Insecure application user interfaces (APIs)?
- Misconfigured cloud storage?
If you’re short on in-house data security resources, and have doubts about your cloud-based solutions, a cybersecurity consultant is the answer. A cybersecurity partner has the expertise and capabilities to:
- Identify your cybersecurity vulnerabilities.
- Set up multifactor authentication access controls.
- Install and monitor AI-driven security tools.
- Audit your organization for compliance with cybersecurity rules.
- Train on-site and remote employees to protect your data.