Common Mistakes in Picking the Right Solution for Cloud Security
According to the Verizon State of The Market: Enterprise Cloud 2014 Report, the cloud rush is on. Already, more than 65% of enterprises have adopted it, and many more are considering it as a vital resource for business growth. With its principle benefits of scalability, cost efficiency, and improved performance being increasingly experienced by small, medium-sized and large enterprises, it’s regarded as one of the biggest tech waves of this decade.
Although it’s fairly popular, it faces a significant challenge- Security. If Data Breach Report by The Identity Theft and Resource Center is anything to go by, the cloud remains one of the most primary targets for hackers and malware. A majority of the 783 data breaches reported in 2014 occurred through the cloud. As cloud adoption grew, so did the threats- subsequently resulting in an 18.3% increase in data breach cases last year.
As a result, the biggest concern for most cloud users is undoubtedly data security. If you don’t implement the right protocols and measures, chances are you’ll be a victim, possibly resulting in serious losses or business collapse. The Cloud Security Alliance suggests that data loss or breaches is the number two reason behind losses that businesses make. The Boston Computing Network further emphasizes on the need for stable cloud security frameworks by reporting that 60% of businesses which suffer breaches usually collapse within the subsequent 6 months.
Unfortunately, the biggest blame is directed to cloud security experts for failing to develop impenetrable solutions. However, organizations should also take part of the blame since many of them make mistakes in choosing suitable security solutions. Some of the most common ones include:
Incomprehensive Threat Assessment
Although other organizations are reportedly rushing to implement cloud security solutions, take your time before choosing one. To pick the right solution, you need to first comprehend the major risks your company data faces by doing a comprehensive threat assessment. What type of data do you deal in? Which is the most sensitive part of your data, which if leaked, would result in immense losses and reputation damage? What are the major threats to your data? Which cloud security solution would perfectly curb those threats?
According to the Identity Theft and Resource Centre, most cloud users face threats from hackers, who top the list of the leading causes of cloud data breaches- with 29% of 2014 cloud data breach cases attributed to them. Other top threats include:
- Data breach through third party data handlers like cloud service providers, which accounted for 15.1% of the cases.
- Accidental leakage of data to unwanted parties, which accounted for 1.5%, an increment of 4% compared to the previous year.
- Data breach during transmission, which accounted for 7.9%, a significant drop compared to the previous year percentage rate of 12.9%
A majority of these breaches which have been averted if only organizations comprehensively assessed their respective threats to pick the respective solutions optimized for each of them.
Compromising On the Quality through Cheap Solutions
With the cloud security market projected to hit a value of $42 billion by 2016, security solutions providers, particularly SaaS, are increasingly using aggressive strategies to beat their competition and dominate the market. Even hosting and IaaS providers have already joined the race by enhancing their security packages with data encryption and improved access control.
Of course the resultant price wars are largely beneficial to consumers as they consistently seek service providers with the most reasonable rates. Unfortunately, some cloud users mistake cheap for reasonably priced- while reasonably priced packages are of high quality and come with affordable price tags, cheap are usually inefficacious and come at the lowest prices. Therefore, organizations which go for the latter ultimately secure their data with poor solutions incapable of effectually detecting and resisting cloud attacks.
Most organizations only focus on packages different vendors offer and make assumptions on their infrastructure and resources. Consequently, some organizations subscribe to attractive packages which are supported by insufficient security infrastructure with multiple vulnerabilities. If discovered, hackers capitalize on the vulnerabilities to launch catastrophic attacks which ultimately result in huge losses, reputation damage, or both.
In January 2014, hackers infiltrated a third party database and got hold of details to tens of thousands of Yahoo Mail accounts. Although Yahoo Mail swiftly acted to protect user data by resetting the passwords in all the affected accounts, the damage had already been done. Later in the year, precisely in May, hackers used the same strategy to gain access to hundreds of thousands of AOL mail accounts. In both instances, they obtained private data from some of the email accounts and used the email addresses for phishing and spam campaigns.
Yahoo and AOL Mail suffered huge losses and lost many loyal users because of the assumptions they allegedly made on the infrastructural security of the third party databases. If they had been keen in comprehensively assessing the vulnerabilities in the third party databases, they would have successfully averted the attacks.
Disregarding Disaster Management
Most cloud users find it hard to believe that although cloud security solutions are improving, hackers are also sharpening their skills by inventing new ingenious ways of attacking. There is always a risk of infiltration, even when the security solution providers offer absolute guarantee that their systems impenetrable. Because of that, many cloud users do not consider the subsequent response measures to manage the resultant disasters in case of a breach.
A good security solution should not just stop at detecting potential threats and blocking attacks- It should also have the requisite disaster management solutions to recover any lost data and track origin of the attack for subsequent litigation. One of the most widely employed disaster management strategies is secondary data back-up centers detached from their respective primary servers. Therefore, only the primary servers are affected in case of an attack.
Since these are just the most common, there are many other mistakes which cloud users, including the most experienced ones, make in picking cloud security solutions. The most reliable method of avoiding them is consulting experienced IT security experts to help you assess all the critical factors and ultimately choose a stable and effective cloud security solutions provider.
Author: Davis Porter
Image Courtesy: Stuart Miles, freedigitalphotos.net