Cloud security is still one of the top concerns of CIOs and small business owners that use cloud computing for their business. Many companies that have implemented a BYOD environment have found that security is one of the top issues they face. The benefits of BYOD are too great to ignore, but if security protocols and policies are not properly configured and followed, then disaster can strike. A recent study by the Cloud Security Alliance (CSA) examines the most commonly widespread web threats that companies are facing so far in 2013. For the purpose of the test results, the CSA contacted and worked with many industry experts. This article is going to look at the top security threats to companies in 2013 and the solution to prevent them.
The results of the aforementioned study found that the top 9 web threats that companies face so far in 2013 are as follows:
Data breaches
The top threat of 2013 is the dreaded data breach. The CSA report calls it “every CIO’s worst nightmare.” The reason for data breaches are most often human error, phishing scams, malware, social engineering or other scams that steal information. This information is then used to gain unauthorized access to cloud accounts where the attackers can do as they wish with the company’s data. If the information is valuable it can be sold or used to blackmail the company. If it contains sensitive client information such as credit card numbers, social security numbers and financial institution details, the information can be used to steal money. If there is no valuable information, the attackers may decide to delete the data just for spite. This can be seriously disastrous for a company that doesn’t have a competent backup plan for their cloud data.
Data loss
Data loss is the second leading threat of 2013 as many attackers that gain access to information will delete the data, either because it is not valuable to them or to cover their tracks once they have illegally accessed the data. One of the most well-known journalists in the IT world, Mat Honan from Wired Magazine had everything wiped out by hackers who used flaws within iCloud and Amazon to breach his accounts and delete his data. He certainly could have benefited from having a cloud backup plan, but unfortunately, he didn’t realize it until it was too late and everything was gone.
Account hijacking
This is mainly due to the activities described above- phishing, social engineering, malware and other scams to steal account credentials. From there, the attackers can access user and company accounts and wreak havoc. Having a solid cloud backup plan in place can protect your company data from being deleted forever.
Insecure APIs
By not properly securing the keys to the cloud accounts and data, companies are leaving their data open to numerous attackers or others who can gain access to information and use it to their advantage. Many web and cloud services allow third-party vendors access to information by exposing APIs, but without following proper security protocols, this can lead to disaster. A cloud backup plan can once again protect your data from being completely deleted once it falls into the wrong hands.
Denial of service
DDoS attacks are a common form of attack on many websites and company servers. Unfortunately, there isn’t much you can do about a DDoS attack but sit and wait it out. The results are usually crashed servers and company downtime which can cost the company money and business.
Malicious insiders
Employees recently fired or disciplined may decide to get revenge on the company, especially if the company doesn’t revoke their authentication to the company cloud accounts. Sometimes it can happen over misunderstandings. In one instance, a woman mistakenly thought she was about to be fired, so she went to the office and erased 7 years of drawings and blueprints, valued to be around $2.5 million. Needless to say, she sealed her own fate. However, had the company implemented a cloud data backup system, the drawings would have been securely backed up and the company wouldn’t be out $2.5 million.
Abuse and nefarious use
Infrastructure as a service (IaaS) and platform as a service (PaaS) technologies can be used to execute DDoS attacks, password and CAPTCHA cracks, as well as host botnet command and control capabilities. Attackers also use Software as a service (SaaS) technologies in order to send high amounts of spam emails. In cases of password and other authentication theft, breaches and security exploits, a cloud backup plan will protect company data from attackers that gain unauthorized access to the accounts.
Insufficient due diligence
Employees that do not follow rules, don’t adhere to security policies and don’t gain the necessary information required to keep company assets and information secure can cost the company time, money and loss of business. If information is leaked, even accidentally, it can quickly turn disastrous for the company. A solid cloud backup plan may not be able to keep your information from leaking, but it can save it from being deleted and lost forever once a security breach has occurred. Investing a top-notch security system is the best deterrent but human error can cost a company everything, even with the best security available.
Shared technology issues
Shared infrastructure is how IaaS vendors deliver their services in a highly scalable fashion. However, sometimes underlying components are not properly designed to offer strong isolation capabilities for a multi-tenant deployment. New technologies are beginning to solve this problem as they isolate each specific user’s data from other users, but many companies are still vulnerable. A cloud backup plan can prevent any form of data loss due to shared technology issues.
Nonexistent or inadequate cloud backup
You may have noticed that in nearly every one of the above incidents that a cloud backup system would have prevented company data loss. This makes nonexistent or inadequate cloud backup a huge security risk. That is why the ultimate goal of cloudHQ is to provide a secure backup system for companies that store data in the cloud.
How is cloudHQ the solution?
The cloudHQ service replicates data from one cloud account to another, with the backup account having completely separate authentication that is only accessible by the business owner, CIO or trusted staff. As company employees work and add files to the cloud account, cloudHQ runs silently in the background, completely invisible to avoid interruption or distraction to the employees. Any new files added to the main company cloud account are instantly replicated to the backup cloud account. Any revisions to existing files in the main company cloud account are instantly replicated to the backup account. So if your company experiences one of the unfortunate dilemmas mentioned above, your company will still maintain a complete secondary copy of all data in the backup account. Restoration is quick and easy for minimal company downtime.
Don’t be one of the company owners or officials who realize AFTER a security breach and data loss incident has happened that they should have had a cloud backup plan in place. By then it’s too late. Get your protection and peace of mind now by signing up for the free 15-day trial and determine if cloudHQ is the right solution to protect your company data in the cloud.