If you’ve heard about the recent Uber breach, then you may be wondering just how safe your organization’s data actually is on all the cloud services you use.
The fear is understandable. After all, Uber is a massive company, with more than 32,000 employees. Yet, a teenage hacker reportedly managed to infiltrate the company’s internal systems through Slack, a popular Salesforce messaging service.
But before you unplug your router from the internet and switch to keeping records on paper, let’s take a better look at just how secure cloud services actually are.
Your cybersecurity in the cloud is never guaranteed, but your data is typically a lot more secure on the cloud than with on-premise solutions.
To help you understand how we got to this conclusion, this guide covers the following sections:
- What is the cloud, and how are cybersecurity considerations on the cloud different from local systems?
- What are some key problems with cloud security?
- High-Profile Breaches
- Trusting Third Parties
- Shared Responsibility.
- What are some important security benefits to the cloud?
- Extensive cybersecurity resources
- Regular updates and monitoring
- External audits and detailed compliance reports.
Cloud Security 101
What is the Cloud?
Before jumping into all the specifics of security on the cloud, let’s define our terms.
Your digital data can be stored in two key ways:
- On-premises – software is installed locally in physically hosted environments (servers and devices)
- Cloud – a network of servers that operate together as virtual machines and online services.
How is Cloud Security Different from On-Premise Security?
When software and applications are hosted on the cloud, then accessing them becomes independent of your device or physical location.
Instead of needing to log into a company computer to open your accounting software, you can just open a browser from your phone or even borrow your spouse’s device.
Obviously, this dynamic significantly changes the cyber risks and vulnerabilities that could affect your data.
Issues with Cloud Security
High Profile Breaches
Using the cloud introduces new attack vectors into your system, and those unique exploits can easily become your problem.
Large cloud providers like AWS or Microsoft Azure make compelling targets for cybercriminals. Instead of taking down just one company, a malicious actor can potentially compromise hundreds or thousands of organizations through just one exploit.
When attackers do succeed, those data breaches tend to make the news. Just a few months ago, a woman responsible for breaching Capital One got convicted of 7 separate data theft charges. That breach, like many others, was caused by a misconfiguration in AWS databases.
Trust and Third Parties
When putting your data in the cloud, you are inherently creating risk because you’re depending on a third party.
In cybersecurity, you can never fully trust any individual or organization, as every entity is a potential vulnerability. This principle is why the concept of “Zero Trust” is usually synonymous with good security practices.
However, Zero Trust does not mean that you shouldn’t grant anyone access to your systems. In practice, to interact with others and actually operate a business, your organization has to accept some level of risk.
To mitigate risk from storing your data with a cloud provider, you need to understand the idea of shared responsibility.
Since you no longer control the entire tech stack, some responsibility for your security operations gets delegated to other parties.
For instance, Microsoft provides this diagram to illustrate the division of responsibility between their customers and Microsoft’s cloud service:
Cybersecurity Benefits of the Cloud
Robust Security Systems
Usually, the third-party cloud provider has more robust resources than your company can manage on-premises for cybersecurity.
Since those vendors’ business models revolve around storing data, they must keep up with cybersecurity demands to maintain a competitive advantage. As such, these companies typically store multiple copies of data, ensure comprehensive encryption, and build in many layers of fail-safes into their operations.
Regular Updates and Monitoring
Cloud software is distributed and not dependent on any local hardware on your end, so it’s much easier to push updates and patches as needed.
This way, both you and the cloud provider can monitor these systems for new vulnerabilities and remediate them much faster than if you were operating locally.
Auditing & Compliance
Cloud providers are regularly getting audited by third-parties to stay compliant.
Those audit reports and other compliance documents are typically readily available for any users to read through.
As such, even though you may never see the code running a cloud service, you can still do sufficient due diligence to ensure that your data remains protected.
So… How Secure is the Cloud?
Overall, the cloud is not perfect.
Most breaches happen because of simple human errors. For example, the Uber breach mentioned earlier was actually the result of one person mistakenly approving the hacker’s MFA request.
No matter how robust the defense layers on a cloud service may be, vulnerabilities will remain. But as with everything with cybersecurity, you should mitigate risk as well as you can. And overall, the cloud is typically much safer for your sensitive information than on-premise solutions.