How valuable is your most valuable asset if it is left unprotected?
Today, information is easily accessed on the cloud for our convenience. Big businesses, the government, banks, and even some smaller businesses are beginning to take advantage of this. But is the risk too great? WikiLeaks, Snowden, the Sony hacks, Target’s credit card breach, and countless celebrities being hacked are just a few of the stories that will make you think twice about security on the cloud.
Understanding what the cloud is and where its vulnerabilities are, the different types of cloud platform, and the new legislation the U.S. Congress may pass all contribute to understanding how data is secured in the cloud.
What Exactly is the Cloud?
The cloud, though hazy, isn’t floating free up in the air. Cloud computing connects you to your data through remote servers and software networks that allow real-time access to information without needing to store processed data. Depending on the classification of the cloud (public, private, or hybrid), that data is often stored on server farms that are so large they use 2% of U.S. electricity.
How Vulnerable is the Cloud?
Information is vulnerable in some capacity no matter where you store it. Security breaches, whether small or large, frequent or infrequent, are still serious matters.
Data breaches will happen. The most common form of data breach happens internally, when staff take or lose data. Taking precautions by limiting staff member access and securing your information with audit trails will help to protect your information from these threats outside of the cloud.
Externally, hacks are attempted every day, and according to a new Verizon Data Breach Report, 23 percent of phishing email recipients will open the email and 11 percent will click the attachment. Human error gives attackers the opening they are looking for to take important information. Leviathan Security recently stated in its whitepaper, Value of Cloud Security: Vulnerability:
“Ultimately . . . companies considering storing their own data, rather than using a cloud-based storage medium, must realize that in addition to the direct costs . . . , they must make a significant and continuous investment in tools, training, and personnel charged with guarding the business’ most significant assets: its knowledge. The defense, like the adversary, must be continuous, growing, and tireless; anything less will not suffice.”
Human error, coupled with the increased persistence and intelligence of hackers, makes protecting information a never-ending battle. Implementing protocols for these scenarios, being aware of the laws regarding cyber-attacks, and maintaining up-to-date security practices will help to further secure your data.
How is the Cloud Being Secured?
When dealing with the security of services in the cloud, there are three primary service offerings to consider: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
In IaaS, the infrastructure is sold to the end-user and charged on a regular basis according to time or usage. These are generally bare-bones systems with an operating system (OS) installed and remote access. Physical and network security is typically handled by the service provider, alongside maintenance of the underlying hardware. End-users must manage software security and maintenance across the OS and hosted services.
PaaS takes the benefits of the preceding service and provides a streamlined platform onto which software packages can be deployed. In contrast to IaaS, the PaaS provider also handles software security and maintenance across the OS, abstracting that need away from the end-user. However, the end-user still needs to manage software security for the software package to be installed on this service, including in-memory, in-transit, and at-rest data.
SaaS is the easiest to consume and allows end-users to go directly to work and begin interacting with the software they need. Security across hardware, OS, and platform is maintained by the preceding service providers and the companies who configure the solution. The need to maintain the solution and manage backups is covered and abstracted away from the end-user’s view.
By choosing to outsource IaaS, PaaS, and SaaS, companies drastically reduce the time and effort needed to get up and running and to maintain the systems. This can prove invaluable for small businesses as well as very large companies because of the services and conveniences these offerings provide.
Who will be Legally Responsible?
Currently, the U.S. government is making plans to work together at all levels with the private sector to come up with a solution for cyber threats. President Obama has signed executive orders, and the House and Senate are reviewing legislation to pass new laws.
On February 12, 2015, President Obama signed an executive order that would allow public and private sectors to share information regarding cybersecurity. In his address at Stanford University, he said, “There is only one way to defend America from these cyber threats, and that’s through government and industry working together, sharing appropriate information as true partners.”
The executive order focuses on three key areas: information sharing, privacy, and the adoption of cybersecurity practices. The goal is for the government to work with the private sector to develop a Cybersecurity Framework that will aid organizations in implementing real solutions to reduce cyber threats. The order can be read in its entirety here: Executive Order – Improving Critical Infrastructure Cybersecurity.
In April, the House approved the controversial Protecting Cyber Networks Act, which is now waiting to be addressed by the Senate. In brief, the Protecting Cyber Networks Act allows the federal government to prepare itself, as well as state, local, and tribal governments, against cyber-attacks and to respond to cyber-attacks by sharing information and developing procedures based on the analysis of that information. It also requires reviews to safeguard individual privacy and civil liberties, and upholds the right of any individual to pursue legal action if they feel these rights have been violated by the government.
There are several other bills awaiting congressional approval, including the Cybersecurity Information Sharing Act (S.754) and the Cyber Threats Sharing Act (S.456). Both continue to address the need for sharing information to combat cyber threats and the actions that should be taken to guard against them.
Take the time to read and learn about the new groundbreaking legislation, as it is sure to impact the future of storing and protecting data.
Technology continues to grow and change, and with it the cloud and its vulnerabilities. To ensure that your information remains secure, implement precautions like audit trails, maintain your data security, and stay up to date on any new legislation that will impact the cloud and how data is stored and protected.