By Insight Editor / 24 Feb 2019 / Topics: Cloud
Fear of cloud computing, large projected security budgets, and millennial attitudes towards information are all symptomatic of a single underlying problem.
That problem is the world’s inability to manage an increasing volume of data.
This happens because we aren’t taking stock of the underlying levels of security and the relational importance this information contains.
Here are 2 symptoms of the larger problem:
Consumers tend to gather around informational outlets in the hope of picking up useful tidbits of information relevant to their business, job, family, health, daily lives, or interests.
For example, take a cursory look at your browser’s bookmark list. We hit up our favourite websites every morning to check the news, stock prices, the local gym’s family swimming schedule, our kid’s hockey schedule, our auctions on eBay, Facebook (for lots of reasons), and the list goes on.
Because information flows so rapidly and the impact of that information can have nearly immediate consequences on global systems (and therefore our lives), we may be inexorably connected to the data that causes us so much grief.
Then there’s the question of millennials.
They’ve been raised in a world that gives them immediate gratification for information and data.
Imagine a mother and daughter that want to call their overseas working father after lunch. Both get up to make the call. The mother goes for the phone. Where does the daughter go? She runs to the computer to call daddy on Skype.
This sort of behaviour change is happening in virtually every living room, in every house of the developed world.
We can now board planes with a boarding pass on our phone.
A man recently passed through Canadian customs after showing only a picture of his passport on his iPad. And most of the purchases millennials make involve a little more than a few swipes of their phone.
We expect in-built security on all the devices and networks we access. And we don’t think much about our actions boosting security parameters we assume that the services we access are secure.
Computers aren’t just business machines anymore.
Our phones are as powerful as the best laptops from 10 years ago (and can store infinitely more data with the Cloud). Which raises the concern of our frequent connections to insecure wireless networks with little thought of security.
Is it possible for a modern business to accommodate this behaviour?
How do we fulfill this modern expectation of always-ready information – but at the same time keep our sensitive information safe?
In the past, enterprise data would be either saved on individual hard drives or dedicated company servers safely secured at the office.
Despite the emergence of cloud services, the fact is, businesses are now trusting a third-party with some of their most crucial assets and intellectual property. It’s understandable for them to feel skittish about cloud computing security issues and how they’re mitigated.
The motive for the hesitation is not that there are massive security holes in the cloud or vulnerabilities within those technologies. Rather, there is so much data to protect we aren’t even sure what it is, let alone how important to the business each individual bit is.
But Cloud computing isn’t new at all and there’s no reason to fear it.
If you’ve ever used Facebook, Google Docs, Instagram, or Uber you’re taking advantage of cloud computing applications.
What is new, however, are frequent data breaches and the ensuing mass media coverage. That’s where our fear stems from.
What are the best ways to mitigate this fear? Let’s take a closer look.
The biggest risk in data security is a malicious actor being able to associate metadata (like transaction chequing account data) with a name, an account, and an identification number (SIN, SSN, etc.).
If that information is disassociated, there is less of a problem.
When these two sets of data are combined, however, an identity can be breached, stolen, or worse.
Therefore, the underlying transactional data isn’t necessarily confidential. Rather the name, account, and any ID number when combined may be.
If I were, say, a bank, I could then safely keep my transactional data in the cloud as long as the relationship between the metadata and my personally identifiable data were kept separate.
Many large database marketing firms do exactly this by attaching a reference number to the transactional information. That reference number is the only thing that points back to the protected identity information.
So in theory, if the cloud-based transactional information were stolen, it would be of little value. The thief would know that someone shopped at a store and how much they spent, but not who it was (with zero access to their credit card or account information).
Another method to ensure that security risks from cloud-based transactional information are kept to a minimum is to eliminate human error.
40 percent of organizations using cloud storage accidentally leaked information to the public, thereby putting a big strain on their organization’s data integrity. This means there’s isn’t an inherent failure in the technology itself, but human fallibility is to blame.
Security best practices entail training for staff so that they’re able to detect modern methods of hacking and infiltrating personal data. Employees need to be trained on preventing phishing, social engineering, and man-in-the-middle attacks.
This means discarding suspicious emails, not connecting to unknown public wifi networks, or handing over data/key information over the phone.
Cloud computing security issues can be easily quelled if your organization takes a proactive approach to data management.
For example, an overlooked threat to your data is often in the form of an employee gone rogue. If there are no internal controls in place, said employee would be free to download and store all the data they wanted (to sell it to the competition, release it to embarrass your company, or worse).
At a minimum, your organization should prevent employees from accessing or downloading information from the company’s cloud services on their personal devices. Printing services should be restricted for only a few key personnel and USB drives should be deactivated.
12 million people suffered some form of malware, spyware, or virus attack in the last six months. And with cloud computing apps in employee personal devices, this means your business’ data could be at risk.
Every device accessing your software or database should be protected so that it’s able to quell threats and nip problems in the bud.
Despite all the fear and uncertainty regarding cloud computing, a mass exodus to the cloud is all but inevitable.
Current statistics show 86 percent of companies use some form of cloud computing which clearly demonstrates that CIOs believe there are advantages and they outweigh the risks. Using cloud services has, to a large degree, become an important determinant of business success.
Preventing data breaches and addressing Cloud security issues ultimately falls on your organization so ensure your company is taking steps to harden itself against attacks from malicious actors.
