Today’s Cloud (yesterday’s Main Frame) is available not only to individuals within a company, inside their building, on their local network. It’s available, by design, to the entire world. This is both its strength, in that it has revolutionized the way we interact in every facet of our lives and its weakness. The virtues of the transparent, accessible, always on and connected cloud expose important information in a way that can be devastating. That is why the consideration of security in the cloud has some fundamental principles that you should use when you approach any cloud service.
Cloud security isn’t one simple answer but rather a series of different aspects to observe. While there are several aspects to security, we’re going to focus on two in this article; the technology and the user.
The first thing to consider is whether the technology itself employs key components of a secure system. The short answer, generally yes. Here are the key things to look for as telltale signs that you are using cloud services that are “technically” secure.
An absolute must-have for any cloud technology, including websites, is encryption. Cloud services encrypt data to keep it in the right hands. What this means is that your data is run through an algorithm to hide your data from anyone trying to get ahold of it that isn’t you. If a hacker were to get ahold of your data, they would need the encryption key and even then it would take a large amount of work and time to process any of that information.
When you go to get a driver’s license or a passport, the DMV asks for two forms of identification to make sure you are who you say you are. Cloud Security uses Multi-Factor Authentication in the same way for the same purpose. To gain access to an account via a username and password, you will also need to verify your identity through an associated phone number, email account, or fingerprint.
Frequent Updates and Upgrades
Developers are constantly working to maintain and improve their platform’s security. When a developer identifies a vulnerability in their code, they will address it in the form of an “update, upgrade, or patch”. These aren’t just to improve the cosmetics of the UI, but to make you more secure. If users continuously hit “Remind me tomorrow” on necessary updates, they are putting themselves in a position to be victims of data loss.
“User Error” is absolutely the easiest and most common point of exploitation to any system. Setting up solid security practices across your digital life is your best line of defense.
It might be You, not them
Both cloud services themselves and the settings you decide on such as password and two-factor-authentication have a lot to do with your cloud security.
You may remember the infamous Apple iCloud hack from 2014. Hackers were able to access the personal data of celebrities and released it to the public. What you never heard from the media, however, was that Apple was never breached. Rather, the hackers were persistent enough to guess the passwords and security questions of the 26 victims.
Following the attack, Apple increased its use of multi-factor authentication, mentioned above, to protect users, however, it didn’t make it the default setting so unless users opted-in, they were left out.
To protect yourself, have a strong password, unique to each account you have using at least 8 characters, mixing upper and lowercase letters, numbers, and special characters. Don’t use any name or number associated with your identity and change it every six months.
Here’s a way to make any password you have more secure.
Say your password was carnival87.
By using alternating upper and lowercase letters, and inserting special characters for comparable letters you could make it C@rN!vAL87. Just by making those small adjustments, your password is now significantly more secure and less likely to be guessed.
Phishing is the term for hackers that attempt to obtain information from anyone that can be tricked into believing them. Some scams even contain website landing pages that are well designed and allow you to “reset your password” and can even send you a confirmation email after the fact.
Learning how to identify phishing attacks and even training your staff to do so can protect your cloud accounts from a data breach.
- Is there something weird about the email address?
- If I hover over a link in the email, does the URL look strange? (DON’T CLICK)
- Are there spelling mistakes or vague pronouns like “Dear Customer“?
Other things to remember are to not to open attachments, and don’t be fooled by an email just because it appears to be marked “urgent”.
Finding what’s right for you
Cloud services aren’t a one-stop shop. Some are built to be more versatile and accessible while others are intended for extreme security.
All Cloud Services weren’t created equal
When it comes to cloud storage, different services function differently. SpiderOak, for example, encrypts your data before it is sent to them and leaves the encryption key local to your device. This means it’s only accessible by you; not even SpiderOak employees.
If you want to learn more about different services and how they function, you can read more here on TechAdvisor.
While there are many different functions of cloud services, security needs to be thought about this way:
Other Articles You Might Be Interested In:
Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...read more
Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.read more
Founded in 1999, ITonDemand helps businesses and associations across the US achieve growth by guiding and supporting IT infrastructure and providing cybersecurity management. ITonDemand’s Core Solution and Security+ have been recognized among both Managed Services and Cybersecurity Providers as a member of the MSP Pioneer 250 and the Top 200 MSSPs.