When it comes to cloud data security, fear, uncertainty, and doubt abound. In particular, enterprises in fields with heavy regulatory burdens around data privacy—healthcare, for instance, or financial services—may see the cloud as simply too risky to adopt. But a closer examination of some of the top threats to cloud data security shows that the solution can be simpler than you think. Here’s a look at three major threats to cloud computing according to the Cloud Security Alliance, and how you can protect your organization.
Cloud data security threat #1: Malicious insiders
The simple fact of the matter is that the more people who have access to your data in the clear, the greater the risk of data theft or a data breach. You may have vetted everyone in your own organization carefully and monitor their activities extensively, but can you say the same of your cloud service providers (CSPs)? Whether tempted by personal gain or motivated by simple malice, potential rogue administrators or DBAs at your CSPs pose a serious threat to your cloud data security and regulatory compliance.
Cloud data security threat #2: Hackers and eavesdroppers
Malicious insiders are one thing, but enterprises that adopt cloud computing must also worry about their data and user sessions being stolen or intercepted by outsiders, such as hackers and government agencies.
Data that’s in the clear, either in storage or during a session, is data that’s ripe for plunder. The NSA may do nothing more nefarious with your data than put it in a database for analysis, but hackers, like malicious insiders, are typically motivated by either personal gain—identity theft can bring in big money, after all—or the simple desire to cause trouble. Either way, your data is at risk, and so are your compliance status, your customers’ trust, and your bottom line.
Cloud data security threat #3: Cloud API vulnerabilities
People wouldn’t pose a threat to cloud data security if the cloud itself didn’t present vulnerabilities. Among the most serious vulnerabilities are those that can be found in the software interfaces—APIs—that cloud applications use. CSPs expose their APIs so customers can manage, integrate, and interact with the cloud services, and the security of these APIs is absolutely critical. APIs handle everything “from authentication and access control to encryption and activity monitoring,” according to the Cloud Security Alliance, and a weakness in the API can lead to a breach. Additionally, the open nature of APIs means that as organizations build on them to create purpose-built solutions, the probability of a vulnerability increases.
One solution for three threats: Client-side encryption gateways and enterprise encryption key control
All of these threats to cloud data security are serious, but none of them are unsolvable. In fact, the solution for each is the same, and it is simple. A client-side encryption gateway that ensures access to the encryption keys is controlled only by the enterprise—not by the CSP and not by a third-party encryption provider—can prevent data breaches caused by malicious insiders at the CSPs, by hackers and eavesdroppers, or through insecure APIs. It does so by encrypting sensitive data before it ever leaves the enterprise perimeter and leaving the encryption keys at home, so to speak. No one outside the enterprise will be able to view the data in the clear, and thus, even if data is intercepted, it remains encrypted and safe. In other words, a client-side cloud encryption gateway ensures that a breach isn’t really a breach, mitigating the risks that come with cloud computing.
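The approach described above, sketched as an added example that is not part of the original article or any vendor's product: a small Go gateway that encrypts a sensitive field before it is sent to the CSP and decrypts it only inside the enterprise. The `Gateway` type, the field name, the sample value and the choice of AES-256-GCM are assumptions made for illustration.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Gateway runs inside the enterprise; the key it wraps is never sent to the CSP.
type Gateway struct{ aead cipher.AEAD }

func NewGateway(key []byte) (*Gateway, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Gateway{aead: aead}, err
}

// Protect encrypts one field; the field name is bound as associated data.
func (g *Gateway) Protect(field, plaintext string) (string, error) {
	nonce := make([]byte, g.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := g.aead.Seal(nonce, nonce, []byte(plaintext), []byte(field))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Reveal decrypts a value read back from the CSP and rejects altered ones.
func (g *Gateway) Reveal(field, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	n := g.aead.NonceSize()
	if err != nil || len(raw) < n {
		return "", fmt.Errorf("malformed ciphertext")
	}
	pt, err := g.aead.Open(nil, raw[:n], raw[n:], []byte(field))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real one comes from an enterprise-held key store
	rand.Read(key)
	gw, _ := NewGateway(key)
	stored, _ := gw.Protect("ssn", "000-00-0000") // constructed sample value
	back, err := gw.Reveal("ssn", stored)
	fmt.Println("CSP stores:", stored, "| enterprise reads:", back, err)
}
```

Because GCM authenticates as well as encrypts, a value that was modified at the CSP, or copied into a different field, fails in `Reveal` instead of decrypting to wrong data.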
What other threats to cloud data security does your organization worry about? Tell us your thoughts in the comments.