Top Cloud Data Security Challenges
Check out these top challenges — and solutions — for cloud data security.
Join the DZone community and get the full member experience.Join For Free
Almost three-quarters of businesses will run nearly their entire operations on the cloud by 2020. Organizations are flocking en masse to cloud computing, eager to capitalize on the speed, scale, and flexibility a cloud-based infrastructure can provide. But as cloud computing grows in popularity and transforms how companies collect, use, and share data, it also becomes a more attractive target for would-be attackers and hackers.
Cloud providers have invested time and resources into bolstering cloud security and boosting customer confidence. Solutions that were once believed to be fraught with risk have been strengthened through containerization, encryption, advanced failover, and automated threat detection capabilities.
Still, threats to vital infrastructure and core service applications persist and continue to evolve. As cloud adoption continues to soar, new — more inventive, sophisticated, and malicious — threats continue to emerge. IT pros feel a sense of urgency to find ways of better identifying, resolving, and protecting against them.
Here are the top cloud data security challenges IT pros should pay special attention to.
A security breach today costs an average of $3.86 million globally, making it among the most serious and potentially costly cloud data security risks. Cloud services business users access every day — collaboration, note sharing apps, or any of the 90-plus cloud apps used by marketing alone — are particularly vulnerable to an attempted attack from would-be bad guys.
Solution: Invest in encryption or data tokenization to protect the data itself and employ threat intelligence and intrusion detection tools at the perimeter to quickly identify a threat and mitigate it.
The corollary to a data breach is the downstream impact it has on a business's other corporate responsibilities. That is, in the aftermath of a breach, investigations occur that may reveal an organization had fallen out of compliance with the rules designed to protect against a breach in the first place.
Compliance standards such as PCI DSS, HIPAA, and GDPR, among others, serve as best practices guidelines for protecting sensitive information and systems. Still, many companies are concerned about ensuring regulatory compliance when their data is in the cloud. Data security is a wide-ranging, multi-faceted responsibility that can, unfortunately, result in non-compliance violations that carry expensive fines, lawsuits, and even potential criminal penalties.
Solution: Develop and use a company-wide data governance policy that defines who can access information and how it should be handled. Enforce the policies through identity and access management solutions.
Believe it or not, one of the gravest threats to data security is a company's own employees. Everything from using similar passwords for many accounts to careless sharing of passwords and even using devices without any password are common security points of failure driven by a company's own users. "Phishing" is a prominent cause of insider threat too, accounting for two-thirds of accidental insider threats.
Whether purposeful or on accident, a full 55 percent of business leaders say that unauthorized access through misuse of employee credentials and improper access controls for cloud applications are the biggest threats to their cloud security.
Solution: Combine automated user access and identity management with ongoing end-user education that reinforces smart, safe data handling and access practices across the organization.
Application Programming Interfaces (APIs) are the glue that holds a cloud environment together. They allow various cloud-based apps to connect with one another seamlessly, helping companies customize their business technology environment.
But the very nature of APIs is also what makes them a threat to cloud security. To communicate sensitive data among applications, APIs require direct access to each app and credential authentication. As the collection of APIs grows, so do the points of vulnerability for a potential breach.
Solution: Employ SSL (Secure Socket Layer) protection to establish encrypted links between data destinations and authorization based on factors such as incoming IP address, device identification, and geography.
Disaster will strike. It's not a matter of "if," but rather of "when." Power outages, natural disasters, and all other manners of mayhem can cause an organization to lose all access to its IT infrastructure. During that time, be it a minute or several hours, a company is no longer in control of its most critical data — a terrifying experience for those in charge of protecting the business — and business may grind to a halt. Commonly-used tools and apps will be inaccessible during an outage and data transmission across all destinations will be interrupted until connectivity is restored.
Solution: Devise a business continuity/disaster recovery (BCDR) plan specifically designed with cloud applications and workloads in mind. Review your cloud vendors' security and data safeguards and request regular audit reports.
Published at DZone with permission of Garrett Alley, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Real-Time Made Easy: An Introduction to SignalR
Extending Java APIs: Add Missing Features Without the Hassle
Microservices Decoded: Unraveling the Benefits, Challenges, and Best Practices for APIs
VPN Architecture for Internal Networks