Written by Chad Schamberger, Director of Engineering- VirtualArmour
40 percent of North American business-critical applications are in the public cloud*, whether it is file storage, a communications application, or full blown IaaS. These strategies are attempting to address one common theme, increasing productivity of your employees and reducing costs associated with running these services on your own. Especially for small to medium businesses, hiring IT professionals is usually not a part of a business plan, these services are crucial to operating at the level of your competition. Cloud usage must be a part of nearly every single business large and small but do the risks out weight the rewards?
You probably ask yourself is the cloud more secure? Is my information and IP better suited to rest and operate in the cloud? Some say cloud service providers are better suited to provide security controls as it is their business and it is inherent to their high standard of operations. More than half of cloud applications, including all the mainstream providers, follow industry security standards, so your data likely rests in a secure environment. Others argue that, although cloud services may be inherently good at keeping your data safe, it doesn’t mean that your data isn’t potentially malicious to your users.
Let’s dive a bit deeper into the last argument. A cloud storage provider has done a valiant job at protecting your data and providing access control to properly authenticated users. In your eyes, and the provider’s, you’re operating in a compliant cloud storage environment. What about my trusted users? How do I protect against intentional or unintentional malicious employees? For example, a Drive Sync, a feature where a folder can sync data from the end-point to the cloud and vice versa. Drive Sync, your best friend and your worst enemy, exponentially increases the attack surface associated with cloud storage providers. Only one end-point needs to be compromised and it could potentially spread to your entire organization.
The typical stance is not if, but when, will I be a part of a data breach. Does utilizing cloud providers increase my chance of a breach? The answer is likely yes if you don’t approach with the same process as you would with any other business critical application.
Per a report released by Netskope*, 34 percent of organizations have malware in their cloud applications and don’t know it. 57 percent that do scan for malware in their cloud apps found it. So we know that there are already methods in place for attackers to leverage these services, the decision you have to make do the risks out weight the rewards? There are plenty of mechanisms out there to safely adapt cloud services, and the benefits are too useful to ignore. The only way to properly address cloud adoption is use the same processes you would building them on your own. Know the apps you have, control their usage, protect your most sensitive data, scan and remediate threats.