[BreachExchange] 7 Cloud Storage Security Risks You Need to Know About
Destry Winant
destry at riskbasedsecurity.com
Wed Feb 27 08:21:05 EST 2019
https://solutionsreview.com/cloud-platforms/7-cloud-storage-security-risks-you-need-to-know-about/
Putting your data on a cloud-based storage system seems like a
no-brainer. Storing mass amounts of data on off-site installations to
eliminate the cost of maintaining physical hardware? Sounds like a
win-win. If only it were that simple.
Storing data is one of the most common enterprise uses for the cloud.
It’s often more cost-effective than using on-premises software and the
systems can be accessed from anywhere on any device. However, cloud
storage systems come with a load of potential security risks that
should be considered before making the jump. While most cloud storage
systems have decent security measures in place, they aren’t perfect,
and can differ wildly from each other in terms of security coverage.
That said, it helps to know about cloud storage security risks you
potentially face so you know how to deal with them if they ever
happen. We’ve listed 7 cloud storage security risks that you need to
be aware of.
Data privacy
Your data is your data. You don’t want anybody to access it unless you
allow them to. This is easy enough to maintain when you store data
on-site, but what about on the cloud? Because your data is stored
elsewhere, it might be impossible to know just how closed off it is.
How can you be sure no one can access your data when you don’t
maintain the servers it’s stored on? When you migrate sensitive data
to the cloud, be aware that you might be losing essential privacy
controls.
Lack of control
When you rely on a third-party to store data for you, you’re lifting a
lot of responsibility off of your shoulders. This is a double-edged
sword, however. On one hand, you won’t have to managing your data – on
the other hand, somebody else will instead. If something affects your
storage provider, like outages or malware infections, that will
directly impact access to your data. You’ll have to rely on the
provider to fix the issues, though, which could take a long time. The
more time your data spends unprotected, the more dangerous it becomes.
Shared servers
Saying your store your data “on the cloud” compared to “on a server”
isn’t exactly true. Cloud-based storage systems still use servers to
hold data, but users don’t physically access them. Cloud storage
providers don’t build specific servers for each user; the server space
is shared between different customers as needed. You may be putting
your data at risk if others using your servers upload potentially
anomalous or hazardous information.
Lack of backup services
One of the biggest complaints storage systems receive is that they
don’t offer automatic backup functionality. Instead, they expect you
to make backups of the data you store on the cloud yourself. To be
fair, this issue doesn’t affect every storage provider – some will
automatically provide backups of your data for you. However, those
that don’t provide backups also don’t give you a safety net in the
event of sudden data loss.
Data leakage
A large part of secure data storage is making sure no one outside your
organization tries to access your data. Another part is making sure
your data isn’t sent to anyone outside your organization (unless you
send it yourself). Data leakage can cause serious problems since it
could expose business-critical or private data to external sources.
Even if you take steps to prevent anyone in your enterprise from
leaking data, your storage provider might accidentally expose your
data to the wrong person.
Rogue devices
Not every security risk comes from the storage provider itself. The
devices that access your data are also a potential source of danger.
Many companies are embracing BYOD culture, which certainly has its
benefits. This means, though, that more worker-owned devices will
access your storage provider, which poses a big security risk if one
of those devices happens to be dangerous. Shadow IT is another factor;
any device that a worker doesn’t register but still uses to access
your data can spell bad news.
APIs and storage gateways
Some enterprises use cloud storage APIs or storage gateways to help
them migrate their data onto the cloud. These tools act as a middleman
between the user and the storage provider. They may help your workers
access and manage the data on your cloud, but an insecure API or
gateway might cause a lot of damage to your data. If you want or need
to use a storage API or gateway, make sure you choose one that has
reputable security features.
More information about the BreachExchange
mailing list