Last week, Facebook announced the launch of Portal, a voice-activated smart home camera device. Considering the recent data breach the company suffered, the tech press response to Portal ranged from bafflement to incredulity.
In response, Facebook senior exec Andrew Bosworth insisted< all processing was done locally on the device – so no information was uploaded to the cloud, or stored on Facebook servers. But is this sensible policy or scaremongering?
This article will argue it is a bit of both; going through various data breaches and scandals, privacy fears around the cloud, and how using tools like VPNs – albeit with a degree of caution– add an extra layer of security to the cloud computing equation.
Cloud data breaches and scandals
Data breaches are common occurrences in today’s information-driven world. Although a lot of these breaches involved server-hosted companies, cloud-hosted companies have had their fair share as well.
Facebook’s data breach is the latest in this lineup. It happened in September of this year when Facebook’s engineers noticed a sudden spike in the site’s user activity.
This led them to scramble for a solution until they concluded that their site had in fact been compromised. Recent reports state that the hackers may have had unrestricted access to over 50 million records.
Earlier this year, Data firm LocalBox was in the news for its controversial building of detailed profiles by scraping publicly-accessible social media data of millions of individuals which left 48 million people’s records on an exposed server.
Last year, conservative data firm Deep Root Analytics exposed 198 million voter records.
In the same year, Kromtech Security Center discovered that healthcare services company Patient Home Monitoring had left 150,000 patient records unsecured. These records included PDF files and sensitive medical data.
With all of these data breaches and scandals, it’s no wonder why many businesses have doubts about the cloud’s security. But these fears are actually ungrounded.
Why?
Most privacy fears around the cloud don’t actually involve the cloud
Privacy and security in the cloud are the primary concerns for many executives and IT managers. Such concerns are understandable given that you’re pretty much entrusting your data to someone else.
Fanning the flames of these concerns are the various data breaches involving the cloud. But what a lot of people don’t realize is that most breaches don’t involve a lack of security in the cloud provider itself.
In fact, a recent Cloud Security Report by Cybersecurity Insiders shows that three out of the four biggest cloud security threats don’t actually involve the cloud service itself.
The four biggest cloud security threats being:
- Misconfiguration of the cloud platform
- Unauthorized access through misuse of employee credentials and improper access controls
- Insecure interfaces/APIs
- Hijacking of accounts, services, or traffic
Human error is actually the cause for most of the recent cloud data breaches including the ones involving World Wrestling Entertainment and Verizon.
Misconfiguration happens when professionals used to the local infrastructure attempt to recreate their local solutions in the cloud without taking into account the intricacies of the cloud provider’s particular features.
Unauthorized access through misuse of employee credentials and improper access controls is, again, not attributable to the cloud provider itself but instead to a client’s employee(s).
The problem with this is that they’re difficult to detect and investigate. This threat can be caused either by an employee intentionally stealing and using someone else’s credentials or by obtaining them by mistake.
Hijacking is a process in which an attacker steals an individual or organization’s cloud account, usually an email account or other credentials. This is a common tactic in schemes involving identity theft where the attacker conducts malicious or unauthorized activity by using the stolen account information.
Hijacking was what caused the whole Apple iCloud debacle. This is why Apple, along with implementing other security features, suggested that users strengthen their passwords.
This all means that while the cloud may suffer a lot of data breaches, the truth is most of these breaches are caused by external factors and not factors inherent in the cloud itself.
Tools to improve cloud security
So you’ve learned that, by itself, the cloud is secure for the most part. That said, in a data-driven economy, organizations will stand to benefit from utilizing certain tools to maintain an adequate level of security for workloads in the cloud.
In fact, the Cybersecurity report showed that 54% of respondents saw network encryption to be an effective way to protect data in the cloud. Perhaps the easiest tool for network encryption is the humble VPN.
The best VPNs protect your cloud data by utilizing military-grade AES 256-bit encryption. This is the same encryption standard used by Apple, Microsoft, and even the U.S. military. Add to that the fact that a VPN masks your IP address and you’ve got a tool that not only secures your data but also prevents it being traced back to you.
Now, there has been recent news about major security flaws found in the top VPN providers but they’ve since been fixed. That said, the same security flaw may still be present in some VPNs so some caution is still required when looking for the right VPN for your organization.
If you’d like to compare the best VPNs available on the market today, check out my reviews for the best VPN services.