Preventing hacking: cloud experts give tips
Companies considering moving their data to the cloud could understandably get the jitters if the spate of high-profile data breaches involving thousands of records highlighted in the media is anything to go by.
The Hillary Clinton campaign hack is now the subject of an FBI investigation and cause of much speculation as to where the hack originated. Hundreds of organisations were hacked in 2016 including British Airways' frequent-flyer accounts Anthem; the second-largest US health insurer involving 80 million personal records; and Linux Ubuntu Forums, affecting two million users.
Gartner predicts that in 2015, 80% of successful hacks will succeed using known exploits. These attacks can be deflected if the organisation ensures that the applications on their network are patched and up-to-date, and that every vulnerability is remediated or mitigated. It is essential that companies take preventative action against vulnerabilities, which can affect both hardware and software on the network.
Andre Schoeman, head of product domains at Neotel and a speaker at the ITWeb Cloud Summit 2017, points out that, as evidenced by the successful hacks recently, even large organisations with sophisticated and complex IT departments sometimes fail to fully adhere to the moving target of keeping servers patched and updated. But where does this leave small businesses? Obviously small businesses do not have the same resources, time and money at their disposal just to stay safe.
"Fortunately, with the significant public focus placed on the security of services in the cloud, it has been a top priority for cloud vendors. They make it their business to know just where risks originate and what companies should do to minimise the risk of being hacked.
"With the significant public focus placed on the security of services in the cloud, vendors emphasise the security of their customers' data as a primary concern and therefore dedicate significant development efforts to ensuring the end-to-end security of their platforms. Small businesses owners can benefit from advanced encryption and security measures developed by moving data from their premises to the cloud," he says.
If your company deals with sensitive data, the best thing is to understand the nature of this sensitivity and establish a methodology to safeguard it. Perhaps a good first step is to consult with an expert and implement controls as well as ensuring that your staff is aware of their role in preventing leaks. The major reason for security breaches relates to human error so it's important that employees are highly aware of the steps needed to minimise risk as a routine part of their workflow.
For the same token, vendors can help ensure that your company is compliant with the latest laws that regulate how you handle your customers' information. Says Thomas Lee, general manager of Wingu: "Our own market research and surveys places security as the number one concern when it comes to cloud computing. Customers are worried about how secure their data is, how cloud providers store and use their personal information, and how to securely connect to their cloud systems.
"The reality is that cloud providers go to great lengths to provide secure systems. Cloud vendors have a number of tools and methods in place to give customers comfort about the security of their data and personal information. But, customers are unsure how to move into the cloud, and how to start taking advantage of this technology."
He emphasises that data domain regulatory requirements are real, and customers want to know where their data is stored, and who can access it. This is why we see a massive surge in cloud providers that focus on providing solutions in specific geographic regions. Customers cannot always use the large, predominantly American cloud providers due to data domain concerns. Wingu stores information locally in South Africa and the company ensures compliance to local regulations around security and data protection.
A security consideration that Wingu emphasises is that in many companies, executives are held to a lower standard of data security than the rest of the employee base. They're allowed more leniency in terms of BYOD, and in general they operate more freely outside the corporate firewall when in reality it is executives who are more likely to be targeted as holders of sensitive information.
Itayi WP Mandonga, PAAS cloud champion from Oracle, agrees that vendors now focus on security and measures to combat cyber-security issues.
"Vendors need to immediately address issues. IT professionals need to keep a record of changes made to their systems so that they can quickly identify where weak spots in the system arise."
"Security is a moving target and hackers are constantly looking for new ways to penetrate their targets systems. Companies and vendors need to work together in using best practices to keep on step ahead of malicious cyber attacks," he concludes.