Rajnish Ghaly

Security Blogger

20th December 2022

Cloud computing is increasing in popularity due to its convenience and cost-effectiveness; however, these advantages must be balanced with the security risks it presents. Businesses often use this technology without fully understanding how vulnerable they are to security breaches. In the last 18 months, approximately 79% of organisations experienced at least one cloud data breach, while cybercrimes have risen by 300%. Businesses need to be more vigilant about data security than ever before, as cyber attacks are predicted to cost companies up to $10.5 trillion by 2025. With the threat landscape constantly evolving, it’s essential for businesses to stay on top of their risks.

This blog will discuss some of the most common cyber security risks associated with cloud computing, best practices for risk management, and how your organization can securely back up its data. 

What is cloud computing?

Cloud computing is the delivery and availability of on-demand services, such as servers, applications and data storage, that are hosted on a cloud service provider’s (CSP) platform instead of your own. This provides users with ease of access to resources across multiple devices. Beyond the capacity to host and store files and data, cloud computing provides access to resources, such as email applications, analytics tools and communication platforms. 

Cloud computing's accelerated growth is expected to continue, rising from $83.41 billion in 2022 to $376.37 billion by 2029. As more and more companies rely on cloud-based technology for their work, especially with remote working practices in place, you need to ensure that your deployment is secure so that data remains protected.

Cloud computing security risks

Having your files in an online space is not necessarily dangerous, but the convenience of cloud computing can lead to oversights in security. Businesses should be aware of the risks associated with storing data in the cloud. Here are some of the most common security pitfalls associated with cloud storage:

Data breaches

Unauthorized access brought on by inadequate security measures is one of the biggest threats to cloud security. As a business, you must consider whether your CSP provides comprehensive protection against data leakage or unauthorized access.

Data loss

Cloud services have the potential to back up large amounts of data. However, cloud services are not infallible, so it’s important that your security strategy accounts for potential data loss. Regularly backing up files and folders will help safeguard your company from data loss, so ensure your CSP offers this capability.

Data leakage

Cloud services can provide publicly accessible links or URLs for uploading and downloading files. This may be practical, or even necessary, for your business operations; however, if this is not managed correctly, your company could be at risk of data leakage. Businesses should restrict access to links in accordance with best practices and encrypt data where appropriate.

Data deletion

Simply hitting the delete button when using most online storage solutions does not erase all traces of your backed-up data. For example, Microsoft OneDrive keeps files in a cloud-based recycle bin even after they have been deleted locally. In order to ensure good data hygiene and meet compliance needs, it’s best to find out exactly how CSPs permanently remove old files from their servers, so there aren't any surprises down the line.

Account hijacking

Cyber criminals can obtain valid login credentials to remotely access data stored in the cloud. This is why it’s best practice to enforce the use of strong, unique passwords, along with two-factor or multi-factor authentication, across your whole business. Additionally, the password security standards should be enforced as a company policy. 

Regulatory compliance

Data protection rules and regulations vary between territories. As part of your due diligence, ensure that prospective cloud providers deliver the data protection you need to maintain the security of your data and compliance with relevant standards, such as the GDPR. If in doubt, consult with a DPO who can advise you on compliance and data sovereignty issues in the cloud.

Insider threats

It’s not just external threats that you need to worry about. IT administrators, system developers, and other trusted employees with access to sensitive data could put your cloud security at risk. The larger your workforce gets, the greater the chance of an insider threat. So, businesses need a way of auditing activity taken on their accounts, such as monitoring when data is being downloaded or shared, the movement of files, and data deletion.

How to handle cloud computing risk management

Cloud penetration testing

Cloud pen testing should be conducted regularly as part of your business's risk management strategy. Penetration testing your cloud environment is an effective and proactive way to evaluate your cyber security posture and identify vulnerabilities within your cloud infrastructure, such as weak credentials, insecure APIs, and outdated software.

Contingency planning

Check to see if your provider has a business continuity plan. This should define their approach for securing data stored on their servers and the availability of your data, in the event of emergencies, such as natural disasters or cyber attacks. You should also find out how frequently they test their business continuity plan to ensure that everything functions correctly when needed.

Review your CSP’s security measures

Ask your cloud service provider to define their default security controls, as the grey area of the shared responsibility model can lead to security oversights which ultimately introduce vulnerabilities into your infrastructure. Also ask them to outline their security approach, for example when they were last pen tested, or how frequently they run vulnerability scans.

Security training

Security training will help employees spot the signs of common cyber attacks, such as social engineering, and help secure important data stored within remote servers. Ensure cloud security forms part of your employee security awareness training to educate your staff about the security risks involved with cloud computing.

Cloud backups

Cloud backups are practical, cost-effective and convenient. However, there are also risks to backing up data to the cloud. For instance, the location of a CSP’s off-site storage is important in the event of a security incident. In 2021, European cloud provider OVHcloud saw a fire destroy one of its data centers and partially damage another, rendering services offline. Many OVHcloud customers lost their data in the fire, and customers were also unable to access data that was stored in the neighbouring data center until OVHcloud restored its services.

It is up to your organisation whether you accept the risks of cloud backups or not. If you do back up your data to the cloud, consider the following:

  • Encrypt data to ensure that it cannot be read even if the cloud platform is compromised
  • Store backups across various regions, so you have greater peace of mind that your backups are safe in the event of a cyber attack or disaster
  • Take ownership of your data and understand that your employees know where data really resides and who can access it, regardless of what your guidelines say
  • Ensure your data is supported by policies and procedures required for data protection and security

In summary

Since cloud data can be accessed from virtually anywhere around the world, it is vital that good risk management practices are carried out to prevent hackers from breaching cloud infrastructure. It is essential to understand the risks and vulnerabilities associated with cloud services to secure your business from cyber criminals. Before signing up to a cloud provider, you must perform your own due diligence to see whether they will address your business needs and protect your data. The more research you do, the easier it will be to decide which organizations meet your security and operational requirements. 
