Grown Tech


Is your organization aware of these 6 key public cloud risks?

Storing data in the cloud is now a necessity for any enterprise that wants to keep up with the latest technological advancements. Hybrid and public cloud structures are becoming more and more common among companies and larger corporations. In fact, 72% of large enterprises and 53% of medium-sized ones use a cloud solution for their data storage needs, according to a 2021 survey. https://www.imperva.com/blog/top-10-cloud-security-concerns/

1. Shared access

Infrastructure as a service (IaaS) solutions allow data to be stored on the same hardware. By contrast, software as a service (SaaS) solutions force customers to share the same application, which means data is usually stored in shared databases.

Today, the risk of your data being accessed by another customer who shares the same tables is close to zero, at least in the case of the major cloud providers such as Microsoft or Google. However, multitenancy risks can become an issue with smaller cloud providers, and exposure must be properly taken into account.

Adequately separating customers’ virtual machines is essential to prevent any chance of a tenant inadvertently accessing another customer’s data. Additionally, one tenant’s excess traffic may hamper other users’ performance, so it is also critical to ensure a proper workflow. Most of these potential problems can be safely prevented during the configuration phase by taking the right precautions at a hypervisor level.

2. Lack of control over data

On the other side of the spectrum, larger cloud services such as Dropbox or Google Drive may expose enterprises to a different type of risk. Since, with public cloud solutions, data is stored outside the company’s IT environment, privacy issues are mostly linked with the risk of sensitive data ending up in the hands of unauthorized personnel. That’s why newer cloud services frequently encourage customers to back up their data. However, privacy can be at stake when third-party file-sharing services are involved – since tighter security settings, which are normally employed to safeguard the most sensitive data, are now beyond the control of the enterprise.

There are steps that can be taken, though. Data loss prevention (DLP) can prevent users from transferring data outside of the business. Security policies can dictate that staff are not allowed to use file-sharing sites such as Dropbox. Cloud Access Security Brokers (CASB) can prevent users from using unauthorized SaaS services.

3. Bring your own device (BYOD) issues

Up to 70% of companies ensured that employees are happier, more satisfied and can roam freely—working from home or on the go—with BYOD strategies, consequently reducing downtime and inefficiency. For obvious reasons, smart working became the norm during the COVID-19 pandemic, and BYOD became an even more necessary asset for many employees who were forced to work remotely. However, even if employees’ own devices may have higher specs than those provided by the company, they may lack security and adequate protection. What’s more, a data breach on an employee’s device can be almost impossible to contain since external devices cannot be tracked or monitored without specific tools. And, even if the employee’s device is secure, it can still be lost or end up in the wrong hands—meaning anyone outside the workplace environment can breach the company’s network with obvious consequences.

4. Virtual exploits

Some exploits only exist because of the cloud’s virtual nature, in addition to the traditional issues physical machines pose. Most consumers are not aware of these vulnerabilities, and with the public cloud, they’re even less in control of security. According to recent reports from the US Cybersecurity and Infrastructure Security Agency (CISA), less experienced remote workers can easily be preyed on by malicious cyber actors. https://growntechnology.com/10-big-data-dos-and-donts/

5. (Lack of) ownership

Many public cloud providers have clauses in their contracts that explicitly state a customer is not the only owner of the data since the vendor owns the data. Providers often keep the right to “monitor the use” of data and content shared and transmitted for legal reasons. For example, if a customer uses a cloud provider’s services for illegal purposes, such as child pornography, the cloud provider can blow the whistle and alert the authorities.

And while denouncing a hideous crime may seem a perfectly legit choice, even in such cases more than a few questions may be raised about the potential privacy risks of the data held by the provider. Data is often an asset that can be mined and researched to provide cloud vendors with more revenue opportunities.

6. Availability risks

So, other than the usual connection failures and downtime the ISP causes, there’s also a risk of losing access to your services when the cloud provider goes down. Many cloud providers have been targeted by distributed denial of service (DDoS) attacks in the last two years. The number of these attacks steadily increased over the course of 2021. Redundancy and fault tolerance are not under your IT team’s control anymore, which means a customer must rely on the vendor’s promise to back up its data regularly to prevent data losses. However, these contingency plans are often opaque and do not explicitly define who is responsible in case of damage or service interruptions.

Public cloud storage services can offer great value to enterprises and usually do a much better job securing data than an enterprise can on its own. However, any smart business owner must know the risks this solution might present and what measures they can take to mitigate these risks, besides what the vendor alone provides. Security always has been a concern when adopting new technologies. However, with the advent of cloud computing, organizations must take extra precautions to protect sensitive information stored online.
