Try for free
    12.03.2022

    Is It Easy to Ensure Security of the Cloud?

    Cloud technology is evolving at a fast pace, many storage applications already have a cloud alternative, not to mention email services that offer cloud storage by default as soon as an account is created. According to the results of a large information security survey among multi-million dollar corporations, more than 83% of the surveyed companies use cloud services for storing documentation, operational archives, and other data. According to analysts' forecasts, the number of incidents of data leaks from the cloud will decrease by more than 50%, while the same leaks from traditional data centers will only increase. It has long been known that more than 95% of confidential information leaks are due to human error and, unfortunately, cloud services are not yet immune from this, so at present a huge part of the development of information security programs is focused on data protection in the cloud.

    In that case, what is the best way to protect your data in the cloud? Wouldn't it be easier to store them on portable media, give access to a limited number of trusted persons, and leave them on a secure company server? Read on, here we discuss many aspects of cloud storage security.

    Risks of storing information in the cloud

    Network Security

    One of the biggest tasks and responsibilities of a cloud service provider is network security. Unlike the local network, all data is stored on the side of the cloud provider, so it is in his competence to provide for possible violations. Encryption of network traffic using SSL and TSL certificates is very popular; these types of encryption between the browser and the server are considered one of the most reliable.

    Identification and access control

    It is critically important to take care of the issue of secure access to cloud storage, especially if it is a large company, where an access error can literally cost data leakage. Standard security measures include a firewall, multi-factor user authentication, extensions to detect unauthorized login attempts. Using these elements, you can significantly reduce the risk of compromising information.

    Apart from the above, companies are highly recommended to install a good DLP system. Such a service is precisely aimed at protecting the organization from data leaks by controlling the maximum number of communication channels, including, of course, cloud storage. One of the most reliable DLP on the market is Falcongaze's SecureTower - a 2 in 1 DLP system: information leakage protection + staff loyalty control.

    SecureTower keeps track of all files uploaded by the user to the Internet through the browser. The system controls all cloud services Dropbox, OneDrive and Yandex.Disk, Google Drive, iCloud, Mail.ru and others (desktop and web versions of storages are controlled). The system analyzes information about file operations on network resources, intercepts recorded files, controls access to network resources, and also allows you to flexibly configure exceptions to control operations only with important files and folders and not interfere with other business processes.

    Analysis of possible vulnerabilities

    The proper level of cloud storage protection is achieved by periodic pentesting as well. Pentester (penetration tester) is a special person who takes the place of an attacker and, thinking like him, tries to penetrate the system and find possible vulnerabilities. If the pentester failed to break through the storage and find a gap, it means that the protection against hacking is provided at a good level and users can be calm about their data at least until the next update (which is also recommended to be done regularly).

    Data backup

    Yes, cloud storages, like instant messengers, and other applications also create a backup copy of all files and periodically upload them to their own dedicated server. Not all repositories have this feature, but you can check if it is provided. If not, there is always an option to upload the same data to a third service or media manually. Ideally, data backup should be configured and carried out automatically, once in a selected period of time (week, two weeks, month), depending on the frequency of replenishment and data updates.

    Compliance with data protection laws

    When creating a cloud storage, especially with a large amount of sensitive data, you should consider the rules for storing information in accordance with the laws of your country. If your company is the creator of the software solution itself, which provides data storage services, you need to pay special attention to the regulations and requirements in the relevant industry. Unless you are building your entire system from scratch, you need to choose the right infrastructure provider. When choosing, it is important to think about what standards and rules are vital to you now and what standards you may have to comply with in the future. Otherwise, you risk wasting time and money switching vendors due to compliance issues.

    Why do some still prefer local storage methods over the cloud?

    1. Laws and regulations of the country. In some countries, the use of cloud services is limited. For example, an individual can use the cloud, but companies, due to the high risk of data loss or the complex legalization of the process, cannot.

    2. Delay in uploading and processing data. Imagine a huge multimillion-dollar corporation buying itself a place in the cloud and uploading all the necessary documentation there every day, storing almost nothing locally. Such data arrays require a lot of processing power, and with the slightest interruption in communication, this time of processing and providing data also increases. And if the information is needed urgently ..?

    3. Incomplete deletion of data. Although cloud services create backups for every piece of data, there is still a chance that a backup copy of data or a piece of data will remain in the cloud even after deletion.

    4. Separation of duties. Speaking of large companies, a service agreement is usually concluded between a cloud service provider and a corporation, which spells out the rights and obligations of each party. Failure to comply with the terms of the contract is a violation that is fraught not only with the legal side of problems but also directly affects the security of stored information.

    5. Access to data. The cloud can store (and store) information of different levels of secrecy. As we already mentioned, 95% of violations are due to human error, so you need to carefully state which employees have the right to access and to which information. We remind you about multi-factor authentication for each person who has access to secret data.

    Conclusion

    Cloud is an essential tool for protecting information in 2022. When choosing a cloud service for storing data, a company needs to focus on many factors that, if ignored, will lead not only to the loss of confidential company information but also, possibly, finances and reputation. So we definitely recommend using the cloud, but be sure to control all the aspects that we described in this article: from installing a reliable DLP system to carefully check the contract for the provision of cloud storage services.

    Important publications

    The SecureTower DLP system

    • Protection against data leaks caused by employees
    • Control of employees' work on computers
    • Identification of potentially dangerous employees (risk analysis)