Migrating to the Cloud: Security Risks and Concerns

Uploaded on 2022-07-22 in TECHNOLOGY--Developments, FREE TO VIEW

Cloud computing has grown immensely in popularity over the last few years, with experts now predicting the market to be worth more than $800 billion by 2025. The Cloud offers numerous benefits including increased flexibility and convenience as well as room for scaling. However, many companies are still hesitant about Cloud migration because of concerns to do with security.

Working within the Cloud can seem daunting. While a convenient place to hold all your data, it can feel like control and visibility is severely limited, making you question how you’ll both locate your important data and ensure it is all secure.

Most Cloud service providers work on the basis of shared responsibility model, whereby both your company and the service provider will play a part in the protection of your data. These models can vary across providers, so it’s important to know what your team will be responsible for in terms of security before migrating anything. 

Misconfigured Settings

With a shared responsibility model, your company will usually be in charge of making sure security settings are correctly configured. Many organisations are unfamiliar with Cloud infrastructure, leading to oversights and poor configuration, which can, in turn, leave your data vulnerable. Migrating to the Cloud should not be a rushed process, so it’s important to get to grips with security controls you’ll need to implement in order to be compliant and secure before moving any assets. Often, providers will provide recommendations and tools to assist with configuration too.

Data Loss

Over 60% of organisations have said that their biggest concern when transferring data is that it will be incomplete, missing, or corrupt once it reaches its new destination in the Cloud. Backing up data is therefore essential before you move anything, so you can restore any affected data easily. It’s also important to notify all stakeholders before migrating data to avoid interference during the transfer. 

Even once the data is in the Cloud, leakage is still a concern as results of accidental deletion or overwriting of data, and malware. Classifying and labelling data before migration can help to keep track of the most sensitive data and where it will be held in the Cloud, especially as visibility can become more of an issue. Backing up regularly and minimising user access privileges can then be implemented post migration to reduce risk of data loss. 

Compliance

Many industries govern how organisations handle data and security, requiring certain standards and regulations to be met. Some common ones include HIPAA, GDPR, Cyber Essentials, DSS, or ISO 27001. It makes sense then that companies want to ensure migrating to the Cloud doesn’t interfere with this compliance.

Although Cloud computing works on a shared responsibility model, data security and compliance are the organisation’s responsibility so you should make sure your Cloud provider supports security measures you put in place. 

Many breaches of compliance are due to poor access controls, for example allowing someone access to data they shouldn't be able to access. Implementing a strong identity and access management solution can help keep control over these access privileges and ensure highly sensitive data is restricted. As the Cloud becomes more popular, these industry compliance regulations are starting to specifically include Cloud computing in their security requirements, for example ensuring you have multi factor authentication activated for your Cloud accounts. 

Account Hijacking/Cyber Attacks

A final major concern for companies operating within the Cloud, is the risk of account hijacking, when a bad actor may gain unauthorised access to employee accounts. One common way hackers can acquire credentials is via a phishing attack. Once into the account, data may be stolen or held for ransom, with legitimate users locked out. Worst case scenarios can involve bad actors accessing admin accounts giving them the ability to reconfigure core settings. 

Cloud monitoring solutions are an effective way of checking activity across your cloud computing services, detecting any suspicious or anomalous events. It is also best practice to have Multo Factor Authebtication (MFA) switched on for all cloud users so companies should check that their cloud service supports this. Even with these measures, however, it is best to prepare for the worst and this involves having a solid cloud disaster recovery plan in place, so you can minimise damage and downtime should you face a cyber attack. The exact details will vary depending on the business, its data, and the Cloud provider, but may include risk assessments, staff training and backup strategies.

The Cloud is an invaluable tool for businesses, opening up new opportunities for storage, accessibility and collaboration, but it has also brought new security risks and considerations that should be explored fully before migrating. Companies considering the move must choose their Cloud provider carefully, making sure it meets compliance and security requirements, and implement appropriate measures to handle cyber threats. We will likely continue to see the cloud computing market thrive but companies must work to build Cloud security into their wider strategies in order to reduce risk so the numerous benefits can be taken full advantage of. 

Clive Madders is CTO Cyber Tec Security

You Might Also Read: 

Cloud Computing & Security: What Enterprises Should Know:

 

« Companies Going To War On Social Media
Hackers Set Fire To An Iranian Steelworks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

Saviynt

Saviynt

Saviynt is a leading provider of Cloud Security and Identity Governance solutions.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

Cyber Police of Ukraine

Cyber Police of Ukraine

Cyber Police of Ukraine is a law enforcement agency within the the Ministry of Internal Affairs of Ukraine dedicated to combating cyber crime.

Anitian

Anitian

The Anitian Compliance Automation platform builds, configures, and monitors cloud environments to accelerate compliance for standards such as FedRAMP, PCI, ISO/GDPR and CJIS.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

CatchProbe Intelligence Technologies

CatchProbe Intelligence Technologies

CatchProbe provides actionable web intelligence, OSINT, deception systems, threat intelligence, and digital crime analytics solutions and products through an AI-Driven intelligence platform.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.

AUCloud

AUCloud

AUCloud is a leading Australian cyber security and secure cloud provider, specialising in supporting businesses and Governments with the latest cloud infrastructure.

CyTwist

CyTwist

CyTwist is an early warning attack detection platform that complement your existing security suite and provides your security teams with unique detection capabilities of stealth targeted attacks.

National Cybersecurity Competence Center (NC3) - Luxembourg

National Cybersecurity Competence Center (NC3) - Luxembourg

The purpose of the is to strengthen the Country's ecosystem facing cyber Luxembourg National Cybersecurity Competence Centerthreats and risks.