Cloud Security 101


As cloud computing continues to grow, enterprises are relying more and more on outside providers of Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) for the applications they provide, and they are also allowing cloud providers to take over hosting both company data and on-premises applications.

Cloud usage is growing exponentially: In a survey by North Bridge and GigaOm Research, 49% of respondents said they used the cloud for revenue-generating or product development activities, and 45% either want to run or are already running their company in the cloud! Roughly 66% of all data is now in the cloud and 73% is projected to be within two years, so clearly falling behind will be detrimental to an organization’s business and technical capabilities.

Why Move to the Cloud?

The benefits of shifting from on-premises hosting to the cloud are numerous. CDW’s 2013 State of the Cloud Report found that 56% of IT professionals using the cloud agreed that cloud services have helped them boost profits. Additionally, 60% of respondents believed cloud computing has allowed their IT team to spend more time on other company projects by lessening their infrastructure workload. Other top cloud benefits cited by the respondents include increased efficiency (55%), improved employee mobility (49%), and increased innovation (32%).

In addition to these direct benefits, the majority of Gartner’s Top 10 Strategic Technology Trends for 2015 are related or relevant to the rise of cloud computing:

  • Cloud/Client Computing
  • Computing Everywhere
  • The Internet of Things (IoT)
  • Risk-Based Security and Self-Protection
  • Software-Defined Applications and Infrastructure
  • Web-Scale IT
  • Context-Rich Systems

To quote Gartner, these trends have “the potential for significant impact on the organization in the next three years. Factors that denote significant impact include a high potential for disruption to the business, end users or IT, the need for a major investment, or the risk of being late to adopt.” Failure to invest in some, if not all, of these rapidly expanding technologies could actually harm an enterprise in the long run.

Risks of the Cloud

The cloud offers a lot of benefits and certainly needs to be leveraged by any business looking to free up resources in IT and drive efficiency. However, for both cloud adopters and organizations still considering making the switch, security must be a top concern.

The good news is most organizations recognize the risks involved. In a survey by Sungard Availability Services and EMC Corporation, 65% of respondents said they are worried about security in the cloud, a number which includes 63% of the respondents whose organizations had not yet moved to the cloud. And with the high-profile data breaches of major companies like Target, JPMorgan Chase, and Sony Pictures, who can blame them?

In fact, a data breach from the cloud may be more costly than an on-site network breach: An organization that moves 50% of its data to the cloud could experience up to a 200% greater financial loss from a cloud data breach than from a breach originating in their own network.

Putting trust in an exterior provider to host one’s infrastructure or applications may seem too dangerous, but with the right precautions the risks can be mitigated to allow an enterprise to benefit from the full potential of the cloud.

How to Protect Your Company Data

One of the most common ways hackers access systems and networks during an attack is through the use of valid user credentials. In fact, up to 76% of network incursions are said to involve weak, lost, or stolen passwords. It stands to reason that improving the user authentication process will drastically reduce successful cyber-attacks.

A password alone is no longer enough to keep an account secure. In fact, it’s now common knowledge that the data breaches at JPMorgan Chase, Apple, and others could have been prevented with multi-factor authentication. Multi-factor (or two-factor) authentication adds an additional layer of security to almost any application or network by requiring at least two of these three criteria: Something you know (such as a password), something you have (usually a phone or email address), or something you are (e.g. a biometric factor such as a fingerprint).

A common two-factor authentication pairing is a username/password combination and a one-time-use passcode (OTP) sent to a user’s phone (“something you have”) via a text message or mobile authentication app. This means that in order to access an account with two-factor authentication enabled, a hacker would need to know the login credentials and be in possession of the user’s mobile phone. Most OTPs are also time-sensitive and will expire if not used within a certain amount of time, making this method of authentication even stronger. The likelihood of a hacker accessing an account protected by multi-factor authentication is slim at best.

There are a number of websites and web applications that have a multi-factor authentication option that users can elect to use, but there are many critical applications that still only require a username and password to log in. If these providers have no plans to implement multi-factor functionality, can you afford to wait?