Cybersecurity Risks in the Public Cloud
Diversus Group’s safety tips when using a public Cloud.
While the public Cloud is quite safe in some ways, there are still a vast array of risks that you should be aware of when moving into the Cloud. Leading analyst firm Gartner, have theorised that by 2023, 99% of all Cloud security breaches will be at the fault of the customer. When incorporating a public Cloud one of the most important factors is to keep tight security on your privileged account passwords i.e. those that have high level or administrative access, and to keep a close eye on account compromises e.g. phishing or email scamming.
Lack of Cyber Awareness
One of the main risks to security in the public Cloud is not technology, but a lack of cyber awareness amongst employees or team members in an organisation. Properly informing and educating a team on the dangers of using, or accidentally publicising sensitive information or data from a public Cloud is imperative. Any privileged login into your organisations Cloud can be targeted through a number of means, including malware and phishing software. Both can be targeted to obtain active or inactive emails and passwords that may provide access to the Cloud or could be linked to another device with access to the Cloud.
As with on-premise IT, it is critical that software updates, (‘patching’), are current to ensure that you are not vulnerable to attack. It is also vitally important that your cloud services are configured correctly to ensure that you do not inadvertently expose data. Further, without adequate defences that are cloud ‘aware’ we have observed crypto jacking (the unauthorised use of someone else’s computer to mine cryptocurrency) activity within public cloud environments. For many, compliance is a work in progress as we also see a high number of unencrypted databases residing in the public cloud.
Another risk using the public Cloud is multi-tenancy. This is when a number of other users on the same Cloud share the same servers and infrastructure. Though they are completely segregated from your data and sensitive information, a breach in their network could still affect your business’s infrastructure. While the risk of this is comparatively low, it is still a possibility when operating a Cloud based service alongside thousands of other customers. Despite these risks, public Clouds often have some of the most effective security facilities and practices in place to withstand the high demands that they are subjected to.
With the security risks associated with the public Cloud you might be wondering what we can do to help you get set up safely. Luckily, we have fantastic experience deploying secure managed Cloud services. In order to provide peace of mind we offer a security and compliance solution which can also be offered as an ongoing managed service. The solution can automatically discover cloud resources and sensitive data. It can then detect any risky configurations, network threats, suspicious user behaviour, malware, data leakage and host vulnerabilities greatly reducing the risk profile.