The FBI is looking into allegations that “intimate” photographs of celebrities were stolen and posted online. Around 20 personalities have had images leaked and uploaded, and it is believed that some of them were obtained through the hacking of cloud services that back up content from mobile devices on to the internet.
There are a few immediate lessons here and they go beyond being careful where you store your photographs that you wouldn’t want your mother to see. There are lessons for your business too. It has been estimated that by the end of 2015 end-user spending on cloud services could be close to £70bn globally. The remote storage of data that can be accessed online anywhere is a phenomenon with the momentum of a tanker truck.
As businesses become more dependent on cloud-based solutions how do they avoid being laid bare? There are three big, commonly identified threats to data held in the cloud:
- Theft: Someone hacks in and steals it.
- Damage: Your data is corrupted and/or lost.
- Access Denial: Even temporary downtime can be costly, but what if you couldn’t access your data – at all – EVER!
And then there’s number 4 … the hidden menace.
- End User Understanding: Where the security risk gets lost in translation somewhere between your Chief Information Security Officer and the person inputting the data.
Threats 1 to 3 need to be addressed with your cloud provider and through multiple stage logins. Your cloud provider backing up your back ups and thorough risk assessment of and contingencies for downtime are amongst the key considerations that go some way to mitigate these dangers.
The matter of your whole staff understanding the risks and their responsibility is a conversation that you need to be having with your people on an ongoing basis. Ensure that everyone understands their role in security by making it relatable and plain to understand – sounds simple, but it’s amazing how many problems could have been prevented just by everyone knowing and comprehending company policy.
It’s a two sided coin, in one sense cloud-based working can increase the security risk, a hacker IS far more likely to target a Software as a Service application than individual laptops, for example, because the rewards are greater. Having said that, unless you have really, REALLY good security on the servers locked away on your premises, most good cloud providers offer better protection and security – so while your data could be more of a target, it can be at less risk in the cloud.
Measures like multiple stage login processes and two-step authentication can reduce the risk from hackers. It’s worth having the “how safe is my data with you” conversation with your provider. How physically safe is your data? This is a high trust relationship – you need to be confident that your cloud provider’s servers are situated somewhere secure. Some cloud providers use converted nuclear bunkers with hugely restricted access – how seriously does yours take physical security?
Then there’s the non-tangible security – who has access to the computer network that the servers reside upon? Virtual Private Networks (VPNs), robust encryption and limiting access to a small number of staff all help – what is your provider doing to protect your data?
Data loss and corruption are more likely to be down to the operation of your cloud provider than at the hand of some malicious hacker. The company storing your data has to take appropriate precautions, like making multiple copies – in more than one location and they should be regularly testing the integrity of their back-up structure. Ask your cloud provider what they’re doing to mitigate the risks of your data getting corrupted or lost.
You should also have a company cloud policy – there might be some data that you’re happy to back-up to the cloud and other data not so much. Clearly defining the data that you back up to the cloud is a sensible but simple measure that a large number of organisations have not considered – what’s your cloud policy?
Finally, spend wisely – in the cloud you do get the security that you pay for. The cloud phenomenon has reduced and in places entirely eliminated your need to build, service and maintain costly computer infrastructure estates allowing your business to instantly scale as your requirements increase. But these many benefits and all this transformative progress will be of zero consequence if the way you use the cloud puts your vital data and your company’s reputation at risk. And if you still don’t believe me – just ask a celebrity’s mum.