The Top Three Mistakes Failing Your Cloud Security

BY Jon Howes, VP and GM of EMEA at Wasabi.

  • 5 months ago Posted in

The majority of the world’s data is still stored on-premises (on-prem), meaning valuable information is left vulnerable to physical damage or theft. When implemented correctly, cloud offers a more secure alternative. Plus, an additional cloud backup of any data stored on-prem provides a safety net against physical risk. As more business leaders recognise the value of cloud storage and begin to migrate their company’s data it is important they prioritise securing their cloud backups as part of that process. 

 

Cloud is by no means immune to hacks, in fact recent research from Thales revealed cloud resources to be the biggest target for cyber-attacks, with SaaS applications (31%), cloud storage (30%) and cloud management infrastructure (26%) topping the list. However, if migrating to the cloud is done with a security-conscious mindset there are numerous steps that can be taken to ensure your data is protected by the most stringent defence possible. 

 

By neglecting cloud backups business leaders compromise their sensitive customer data, which may result in legal persecution, financial loss and damaging trust and reputation. The consequences can be dire, so learn from the mistakes of others to reinforce your own business' cloud storage and valuable data found within. 

 

Overlooking the impact of a carefully constructed strategy 

 

The first mistake business leaders make when adopting cloud technology is doing so without much thought. Cloud backups work best when implemented within a well-considered strategy, with rationale and next steps in place. To ensure you are getting the most from your cloud service provider and that your backups are provided the best possible protection, it is crucial to understand the nuances of cloud technology and its potential risks. 

 

Not all cloud providers are made equal, so selecting whichever big-name appears first from a Google search would be a mistake. Cloud storage companies differ from one another in their security protocols, data handling practices, and recovery options. Do your research and make the choice based on which suits your business’ specific backup requirements best. For example, consider how much data your organisation needs to store, in what ways that data will be used and your budget for doing so. 

 

A comprehensive cloud storage strategy will encompass regular reviews, frequent testing and adjustments for evolving business needs like changes to capacity, access methods or degree of security depending on new regulatory mandates.   

 

Part of your strategy should include how frequently backups are completed. A good balance lies between not backing up so regularly that you consume unnecessary storage space but often enough to avoid data loss. A backup is only useful if you know how to restore it; it is therefore crucial to have a strategy in place for restoring the backup quickly and effectively to ensure operations are resumed with minimal disruptions. 

 

 

Failing to implement strong security  

 

Once you are confident in your understanding of a backup strategy, the next step is to protect your cloud with a suite of stringent security parameters. According to data from the Information Commissioner’s Office, the UK was impacted by more ransomware attacks last year than in all previous years combined. Hackers will often attempt to delete your backups in a ransomware attack to prevent you from recovering any data; it is therefore more important than ever to secure your backups. 

 

The first security measure in place should always be multi-factor authentication (MFA). It is necessary to prevent unauthorised access even when log-in details are compromised. Then, encrypting your backup can also prevent unauthorised access. Also, immutable backups — that no user, administrator or third party can delete or corrupt — in the cloud are a proven ransomware mitigation strategy for ensuring that no one can alter or remove your data. Finally, if a cloud provider prioritises security, they would have begun to offer (or currently be developing) multi-user authentication (MUA). MUA means that if a hacker attains the account holding the immutable backups, they will not be able to delete your stored data without additional authorisation from your chosen security contact.  

 

Failing to have these security measures in place leaves your company’s data exposed to breaches— with today’s threat landscape spearheaded by AI only exacerbating vulnerabilities. A single layer of security is no longer sufficient. When implementing security measures, it is always best to be proactive; building an impermeable foundation of protection as opposed to patching up the holes after the fact.  

 

The combination of MFA, encryption, immutable backups and MUA creates the strongest barrier we currently have available. It is always worth going the extra mile when protecting your company’s data. This ensures you can reconstitute back to your production servers after a cybersecurity incident or accidental data loss, and that you will not have to pay any ransom.  

 

 

Forgetting about your storage capacity 

 

One of the most simple but frequent mistakes made by cloud users is overestimating the capacity of their storage. The way we talk about the cloud often misleads users into thinking it is limitless; however, your backup capacity is capped by your budget. It is easy to forget when your cloud is due to run out of storage but doing so risks the loss of important data. What's more, scrambling to secure extra storage space at the last minute will likely come at an additional cost, not considered in the budget. 

 

To avoid this, storage capacity must be considered as part of a business’ overall cloud strategy. Forecasting growth, understanding your company’s capacity requirements and predicting when your use will ebb and flow will ensure you have enough space for continuous backups. Simultaneously, it also helps a company avoid paying for unused space and wasting resources. 

 

Cloud backups can quickly turn from a business assistance to a burden if not approached correctly. Learning from the mistakes of others and understanding where things may go wrong allows you to optimise your cloud storage in a way that best suits your business needs. Thoughtfully constructing a backup strategy involves proactively incorporating security measures and considering capacity requirements. By doing so you can rest assured in the knowledge that you are getting the most from your provider and are protected not only against bad actors but also the easy slip-ups from your own team. 

By Martin Hosken, Field CTO, Cloud Providers, Broadcom.
By Jake Madders, Co-founder and Director at Hyve Managed Hosting.
By Apurva Kadakia, Global Head for Cloud, Hexaware.
By Terry Storrar, Managing Director at Leaseweb UK.
By Cary Wright, VP of Product Management, Endace.