Securing Data in the Cloud

Uploaded on 2016-11-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Storing data in the cloud is standard practice in today’s enterprise. What was once stored on premises is no longer and while now commonplace, the security of data in the cloud is not something to take for granted or to become complacent about.

But how do CIO’s keep company data safe from the threats hidden in VPN’s, downloads and apps?

Many think the immediate and only answer is in the encryption of that data. Encryption definitely has its advantages including its level of complexity makes access harder for threat vectors and it’s more secure than unencrypted data, as long as keys are stored separately and it is updated regularly. However, encryption is better suited for data that is not accessed very often, contradicting the very benefit of storing data in the cloud, easy access, anytime, anywhere.

As more and more daily business is done in the cloud and the use of remote access and BYOD increases, enterprises need to be concerned more than ever about security. External threats are widely known but threats are not just external as many data breaches come from within the organisation. Weak or stolen user credentials are hackers preferred approach and are found in more than 75 percent of all network breaches.

For this reason, just encrypting the data itself is not enough. Monitoring and access control need to be a big part, almost a requirement, of keeping cloud data safe. Organisations need to know who has accessed what, where from and what they are doing with that data, and if the person accessing the data is even allowed to access that particular data.

Data security needs to be a layered approach and one of the layers that can safeguard encryption and provide visibility on employee app use is multi-factor authentication technology that allows controlled access to the data by ensuring that only the right people have access to that data.

Multi-factor authentication technology offers security that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for logins and other transactions.

Multi-factor authentication not only provides organisations with the highest level of factors to validate a user’s identity, it looks at multiple factors surrounding each particular login. These factors include geo-location, network IP, type of system being accessed, time of login etc. wherein all of these factors add context that help to determine the level of trust and whether the user should be authenticated or blocked, which provides organisations with increased confidence that their data is safe.

The majority of data breaches involve the use of valid credentials that are misused including employees accessing third-party resources, downloading apps where work data is being shared to access from remote locations or credentials that have been lost or stolen. It is clear that even if data is encrypted, if someone has access to the data in an uncontrolled way, organizations are still vulnerable.

In fact, ABI Research, also supports the value of multi-factor authentication stating in a recent report, “Enterprises are finally realizing that they should not view MFA as a luxury security technology, one only for IT personnel, managers, and C-Level executives.

With the BYOD culture in enterprises, it is becoming a necessity for businesses to deploy newer authentication technologies to fight detection-resistant malware, phishing attacks, credential theft, rootkit deployments, cross site scripting, and other threats.”

In our world of ever changing cyber threats, to be able to truly exploit the value of the cloud and use the data stored within, organisations need to look beyond the protection that encryption provides and consider multi-factor authentication as it provides the link between enterprise security and employee authentication in the workplace.

Information- Management:         8 in 10 IT Pros Believe Data Is Cloud Safer:

 

« Cyber-attacks & Hacking: What You Need To Know
Cisco says It Will Make The IoT Safe »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CERT.br

CERT.br

The Brazilian national Computer Emergency Response Team

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

Samoby

Samoby

Samoby provide a subscription solution for Mobile Threat Protection and usage control on Android and iOS devices.

Variti

Variti

Variti Intelligent Active Bot Protection technology — traffic analysis, detection and stopping of malicious bots in real-time and effective response to DDoS attacks.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Samurai Digital Consulting

Samurai Digital Consulting

Samurai Digital Security are a cyber and Information security services provider, specialising in penetration testing, incident response, user awareness and information governance solutions.

The IoT Academy

The IoT Academy

The IoT Academy is a reputed Ed-Tech Institute that provides training in emerging technologies such as embedded systems, the Internet of Things (IoT), Data Science and many more.

Axiata Digital Labs

Axiata Digital Labs

Axiata Digital Labs is the technology hub of Axiata Group Berhad Malaysia which is one of the leading groups in telecommunication in Asia.

Immunefi

Immunefi

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

OSC Edge

OSC Edge

OSC was founded with the vision of providing expert solutions in IT to government and businesses. OSC Edge empowers organizations with solutions that prepare them for today and tomorrow.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

CloudGuard

CloudGuard

CloudGuard is an AI-driven XDR platform that helps organisations to proactively detect and automatically remediate threats in real-time.

WIIT Group

WIIT Group

WIIT Group are focused on a single goal: securing our clients’ critical processes and enabling them for digital transformation.

Vonahi Security

Vonahi Security

Vonahi Security is a cybersecurity SaaS company that pioneered automated network penetration testing.