One of the biggest technical issues plaguing companies around the globe is security of their systems and information. The vast majority of companies store their data on computers, with many moving some or all of it into the cloud. When employing the cloud, companies have to trust the provider’s security, which has come under attack with increasing intensity in the past few years.
In this year alone, nearly every major cloud provider has had issues with their services. From natural disasters to hackers, companies have seen their data exposed or made unavailable, and this isn’t the first time this has happened. In 2011, Sony Entertainment had nearly 77 million accounts hacked, exposing user’s information. Dropbox had numerous service outages. And Gmail experienced a 30-hour outage that resulted in 44,000 accounts being lost. The list goes on, and issues since 2011 go to show that cloud providers and their systems aren’t invulnerable.
Despite these numerous attacks and problems, many data centers where cloud providers locate their servers are physically secure. Google’s recent security video is a good example of how secure the physical locations are.
When companies talk about cloud security however, they don’t just talk about how secure their physical location is, they also strive to protect against three other elements:
- Service outages
- Confidentiality of your personal information and control over who can access it
- Privacy of banking details and other related information
By focusing on these factors, cloud providers are able to provide close to 99% security. However, many companies are still at risk when using the cloud, and this risk actually comes from inside the company. Nearly every cloud service requires a password to access, but scammers know this and they can attack other services, or your company, to get you to give up your password. Once they have obtained this, your data is compromised, regardless of where it’s stored. This is what happened in a latest security issue with Dropbox.
If your company utilizes cloud services there are a number of things you need to be aware of when it comes to security:
- According to all cloud providers, liability for sensitive data stored in the cloud rests with your company, not the provider.
- Some cloud vendors provide reports written by a neutral third party on the security of their service. These should be taken into account when deciding on a provider.
- As with anything online, you should be taking steps to backup data that is stored in the cloud to a secure physical location.
- You should establish a process that encourages your employees to change their passwords at least every three months.
Do you use cloud solutions in your company? If so let us know what your concerns are about security. If not, what are your reasons for staying away from cloud technologies?