Securing Data in the Cloud

Uploaded on 2016-11-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Storing data in the cloud is standard practice in today’s enterprise. What was once stored on premises is no longer and while now commonplace, the security of data in the cloud is not something to take for granted or to become complacent about.

But how do CIO’s keep company data safe from the threats hidden in VPN’s, downloads and apps?

Many think the immediate and only answer is in the encryption of that data. Encryption definitely has its advantages including its level of complexity makes access harder for threat vectors and it’s more secure than unencrypted data, as long as keys are stored separately and it is updated regularly. However, encryption is better suited for data that is not accessed very often, contradicting the very benefit of storing data in the cloud, easy access, anytime, anywhere.

As more and more daily business is done in the cloud and the use of remote access and BYOD increases, enterprises need to be concerned more than ever about security. External threats are widely known but threats are not just external as many data breaches come from within the organisation. Weak or stolen user credentials are hackers preferred approach and are found in more than 75 percent of all network breaches.

For this reason, just encrypting the data itself is not enough. Monitoring and access control need to be a big part, almost a requirement, of keeping cloud data safe. Organisations need to know who has accessed what, where from and what they are doing with that data, and if the person accessing the data is even allowed to access that particular data.

Data security needs to be a layered approach and one of the layers that can safeguard encryption and provide visibility on employee app use is multi-factor authentication technology that allows controlled access to the data by ensuring that only the right people have access to that data.

Multi-factor authentication technology offers security that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for logins and other transactions.

Multi-factor authentication not only provides organisations with the highest level of factors to validate a user’s identity, it looks at multiple factors surrounding each particular login. These factors include geo-location, network IP, type of system being accessed, time of login etc. wherein all of these factors add context that help to determine the level of trust and whether the user should be authenticated or blocked, which provides organisations with increased confidence that their data is safe.

The majority of data breaches involve the use of valid credentials that are misused including employees accessing third-party resources, downloading apps where work data is being shared to access from remote locations or credentials that have been lost or stolen. It is clear that even if data is encrypted, if someone has access to the data in an uncontrolled way, organizations are still vulnerable.

In fact, ABI Research, also supports the value of multi-factor authentication stating in a recent report, “Enterprises are finally realizing that they should not view MFA as a luxury security technology, one only for IT personnel, managers, and C-Level executives.

With the BYOD culture in enterprises, it is becoming a necessity for businesses to deploy newer authentication technologies to fight detection-resistant malware, phishing attacks, credential theft, rootkit deployments, cross site scripting, and other threats.”

In our world of ever changing cyber threats, to be able to truly exploit the value of the cloud and use the data stored within, organisations need to look beyond the protection that encryption provides and consider multi-factor authentication as it provides the link between enterprise security and employee authentication in the workplace.

Information- Management:         8 in 10 IT Pros Believe Data Is Cloud Safer:

 

« Cyber-attacks & Hacking: What You Need To Know
Cisco says It Will Make The IoT Safe »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SCADAhacker

SCADAhacker

SCADAhacker provides mission critical information relating to industrial security of SCADA, DCS and other Industrial Control Systems.

Cloud Credential Council (CCC)

Cloud Credential Council (CCC)

The CCC is a leading provider of vendor-neutral certification programs that empower IT and business professionals in their digital transformation journey.

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

The National Trading Standards eCrime Team tackles online consumer scams, rip-offs and fraud, as well as those committed by text or email.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

iONLINE

iONLINE

iONLINE delivers high quality IT services and solutions to businesses in Azerbaijan.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Seekurity

Seekurity

Seekurity is an information security consulting firm specialized in all areas of Cyber Security including Penetration Testing, Vulnerability Assessments and Risk Management.

Cervello

Cervello

Cervello is a leading provider of comprehensive and proven solutions to protect railways against cyber attacks.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers is a multinational professional services network of firms headquartered in London, United Kingdom and operating in 157 countries.

Cirosec

Cirosec

Cirosec is a specialized company with a focus on information security. We carry out pentests & audits and advise our customers in the German-speaking countries on information and IT security issues.

General Informatics

General Informatics

General Informatics is a team of technology enthusiasts with one mission: to make our clients even more successful through the best use of technology.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.