The cloud can be a very convenient way to store large amounts of data. A lot of people and companies are opting for this approach, which speaks well for its usefulness. However, there are definitely some security concerns that surround the use of the cloud. When you are talking about using the cloud to store data (as opposed to just running services), the need for security becomes much greater. Let’s try to answer the question: How safe is cloud data storage?
Cloud-Jacking Incidents
Unfortunately, the cloud has sometimes proven to be an easy target. The highly interconnected nature of these networks can create a lot more “back doors” by which hostile parties can intercept or even take control of data. Let’s look at a few high-profile examples.
You couldn’t ask for a more high-profile example than this: The WWE was the victim of an extensive cloud-jacking attack in 2017. Apparently, about 3 million network users had their data compromised. It is unclear what (if any) data was stolen as a result of this vulnerability, but everything was wide open and available to anyone who knew the web address. Thankfully, no financial information was included in this breach, so the damage was minimal. Still, it did expose the inherent weakness of cloud security.
For a more recent example, we might look at the legal troubles suffered by a company called Wyze. They make smart cameras (IoT devices) that can upload images to a cloud server. This was seen as a convenient way to store large amounts of pictures and video, but it proved to be a little too easy. The data of roughly 2.4 million users was compromised and the company has since been hit with several lawsuits.
Finally, we have the Choice Hotels data breach that occurred in mid-2019. This one was also the result of an improperly secured cloud server and it compromised the personal information of roughly 700,000 people. It appears that this one was also a ransomware attack, but it failed to fully encrypt the target drive. As such, the ransomware aspect of the plot failed. Nevertheless, there is no doubt that the attackers had access to the payment information of those 700,000 individuals.
Is The Cloud Safe Enough For The Storage Of Sensitive Data?
The clear answer is no. The cloud is not safe enough for the storage of your most sensitive data. The examples listed above were disturbingly easy to find, and many more examples exist. However, we have noticed one theme in many of these attacks: A lot of them failed to obtain sensitive information because people were smart enough to avoid putting that sensitive information in the cloud. For instance, the WWE hack did include some personal information but no sensitive financial information. Thus, the damage was minimized.
The obvious conclusion here is that the cloud is a safe place for the storage of most data. However, it is not a safe place to store the kind of data that hackers will want. Anything that will enable them to get access to a person’s money, or anything that will allow them to steal a person’s identity, should be kept in a more secure location. The best option would be an encrypted device with no access to the internet.
Ways To Make The Cloud More Secure
To be fair, we should acknowledge that the cloud isn’t without a few security measures. If you use the right kind of cloud services, it can make your network a much less vulnerable target. For instance, there are encrypted cloud servers that basically function like a big multi-user VPN. While this will not defeat all methods of attack, it will defeat quite a few of them.
Strong protection at the device level and the router level are also a good idea. These might include various types of encryption, dedicated firewall/encryption devices, device firewalls, application controls, filtering of URL and MAC addresses, and numerous other controls. Things like this won’t make for an impenetrable network, but they will bring you a lot closer to such.
Network monitoring is another good thing to do, but it can be a lot more difficult when trying to monitor the cloud. With so many more connections and data transactions going on at the same time, it isn’t exactly easy to keep track of everything. For this reason, it might not be worth the trouble to look directly at the flow of data packets. Instead, you can set up packet filtering options that are good at detecting suspicious traffic. Make sure you avoid using the SMTP protocol because it doesn’t check the authenticity of packet headers. This can make it easy for an attacker to forge the headers and misdirect a link.
The Importance Of Backups
There is another reason that you should not store sensitive information in the cloud. Although it is rare when dealing with a good cloud provider, they sometimes experience crashes, glitches, and resultant data loss. Again, it shouldn’t be a frequent problem, but it can be a huge problem when it does happen.
Because of this, a managed cloud backup system is highly essential for any large-scale cloud user. Business cloud backup services will give you a way to restore any lost data in the event of a problem. At the most, you might lose a few days of productivity (depending on how recently you made the backup), but that’s a lot better than losing everything.
Conclusion
To answer the question posed by the title, the cloud is not the most secure option for data backup. However, if you are storing low-risk information, you don’t really need to worry about that. If your cloud is relatively secure, you might even feel confident enough to put some medium-risk information in there. However, your high-risk information should never be placed in the cloud. Every example we can find seems to confirm that pattern. If you are interested to know more about this and other cybersecurity topics, you can call PCH Technologies at (856) 754-7500.