Contact Us

Contact Us

Please get in touch using the form below

I prefer to be contacted by:
View our privacy policy
Learn about the ongoing impact of the ProxyLogon Microsoft Exchange Server vulnerabilities, and how to protect your business. Watch our Q&A.

A company’s data is one of its most valuable assets, yet also one of its most at risk.

While customer and business data is essential in supporting a variety of business functions, it is also a lucrative target for cybercriminals. According to a recent report, one small business in the UK is successfully hacked every 19 seconds.

In this article, we explore key cloud security risks and outline controls to help protect data and assets in the cloud.

 

What is cloud security?

A cloud environment being monitored for threats

Cloud security is the implementation of security controls to protect confidential information stored in cloud environments and reduce the risk of data breaches. It is essential to safeguarding the data of organisations that use cloud infrastructure, cloud platforms and cloud services.

Prior to the Coronavirus pandemic, the cloud had an increasingly important role in many workplaces. However, reliance on SaaS applications such as Microsoft 365, G Suite and Zoom has grown significantly in recent times due to the flexibility these solutions provide for remote working.

A recent survey revealed that 87% of IT decision-makers think the COVID-19 pandemic will lead to an increase in migrations to the cloud.

 

Cloud security benefits

Benefits of cloud-based security include:

• Improved visibility of assets and data
• Easier and faster solution deployment
• Reduced maintenance and management
• Faster and centralised data processing
• Greater scalability
• Lower hardware and storage costs

 

Cloud security: a shared responsibility

Cloud security is the responsibility of the organisations which offer cloud infrastructure, services and applications as well as the companies and employees that use them.

Under shared responsibility models, cloud providers such as Amazon, Microsoft and Google take responsibility for the security of the cloud, while organisations are responsible for securing the data and workloads they upload to it.

However, organisations are not always fully aware of cloud security risks or of their security obligations.

 

Understanding cloud security risks

With more enterprises choosing to operate in the cloud in some form, cloud security risks are now greater than ever. Some common examples include:

An expanded attack surface

Cloud computing widens an organisation’s attack surface and therefore the area its security team must defend. The recent shift to mass remote working has widened the attack surface further still and dissipated the traditional security perimeter, meaning endpoints and other assets are more exposed.

Data breaches

Cloud data breaches often result from poor cloud security management. Even if an organisation meets all of its responsibilities, it can still be harmed by a data breach caused by errors made by third parties.

Attackers are increasingly targeting cloud back-ups and providers of cloud services. One recent example of this is the cloud computing company, Blackbaud. In May 2020, it was the subject of a ransomware attack which is thought to have affected over 160 organisations in the UK.

While Blackbaud managed to prevent the attack from encrypting its files, it chose to pay the ransom demand in response to the hackers stealing data from its network and threatening to publish it online.

Employee errors

Cloud services place more control into the hands of employees. While this offers greater flexibility, it also increases the risk of inappropriate content being shared or confidential data being stolen or accidentally exposed.

Gartner estimates that up to 95% of cloud breaches occur due to human errors such as configuration mistakes, and it expects this trend to continue.

Malware and ransomware infections

When companies put data and services in the cloud, they often mistakenly believe that their data is automatically backed up and safe in the event of a disaster. However, this isn’t always the case.

Attackers are increasingly targeting cloud back-ups and providers of cloud services. Ransomware on a worker’s laptop computer can be synced to the cloud, infecting any data stored there.

Compliance failures

Poor management of data security controls puts organisations at risk of failing to meet compliance requirements such as those outlined in the GDPR, ISO 27001, PCI DSS and NIS Directive, potentially leading to significant fines and other sanctions.

 

Keeping your data secure with cloud security

Protecting data can be achieved using a range of cloud security controls:

Targeted employee training

It is recommended that companies provide specialist cloud security training to IT and cyber security staff and general awareness training to the remainder of the workforce. Cloud security awareness training should cover areas such as password management, phishing and data protection.

Multi-factor authentication

Multi-factor authentication (MFA) is one of the best ways to secure cloud-hosted systems, providing a supplementary layer of protection in the event of user passwords and credentials falling into the wrong hands. Organisations should aim to enforce multi-factor authentication across all cloud applications. However, a recent survey revealed that adoption remains low.

Separate accounts for admins

Limit the risk of accounts with elevated privileges being compromised by ensuring that system administrators have separate accounts for day-to-day operations and system administration.

Regular security assessments

Organisations should assess their cloud security on a regular basis and quickly and efficiently address gaps. This can be achieved through cloud vulnerability assessments and penetration testing, which can identify risks such as misconfigurations and providing guidance to help remediate any vulnerabilities discovered.

Cloud security monitoring

Minimising risks of data theft also requires organisations to be proactive in their approach to threat detection and response.

Cloud security monitoring can help organisations to detect changes that could indicate the presence of an attacker. Suspicious activities include data loss, infrastructure changes and irregular user and account activity.

 

Better data protection through cloud security

The ongoing evolution of the threat landscape means that data remains highly vulnerable to cyber-attacks. While cloud security is an important aspect of safeguarding data, it must be reviewed regularly to ensure the highest level of protection and detect errors.

To achieve this, organisations shouldn’t be afraid to seek specialist help with checking the suitability of current controls as well as implementing and managing new ones.

 

About the author

Chester Avey has over 10 years of experience in cybersecurity and business management. Since retiring he enjoys sharing his knowledge and experience through his writing.