The Biggest Threat to Cloud Security

The benefits of cloud computing to help companies quickly gain capability and scale to business needs make good sense. Cloud services have the potential to lower costs, find efficiencies, improve access to resources and consolidate operations. Cloud technology providers know that the success of their services is dependent upon security, so they invest in systems that provide layers of protection that are not easily scaled. Unfortunately, the biggest threat to cloud security isn’t from the hackers who seek to penetrate the cloud exterior; it’s from employees who have bad habits and are not trained in proper cybersecurity policies and procedures.

Humans and Cloud Failures

In their report “Top Predictions for IT Organizations and Users for 2016 and Beyond,” Gartner stated, “through 2020, 95 percent of cloud security failures will be the customer’s fault.” That’s not to say that cloud technology suppliers can ever give up their vigilance in updating their platforms to manage vulnerabilities as they emerge. Control and visibility to IT are essential for the successful utilization of the cloud, but people often sidestep IT, deliberately or inadvertently, with behaviors that open up gaps in cloud security.

Access to Accounts and Data

Social engineering is the manipulation of a person to break through normal security procedures, and it's on the rise. These criminals prey on people’s emotions, sense of loyalty or obedience to authority to get them to do something like provide access to corporate accounts or data. Lack of attention can provide an opportunity for attack. Many people still ignore the need for passwords that are strong and regularly changed. When completing work on an online program, people often don’t log out. When employees leave the company, they might still have access to Software-as-a-Service (SaaS) accounts where they can take or change data. Managers might not realize that they are giving inappropriate access to files and operations when they give employees more privileges than they need to do their jobs.

Visibility of Services and Devices

People are used to using smartphones and online software in their everyday lives, and they can be impatient about waiting for the same kind of experience at work. Sometimes, employees or departments sign up for services independently, leaving IT in the dark about the additional locations where employee accounts and corporate data can be found. The practice of Bring Your Own Device (BYOD) might seem like a cost-saving measure to companies, but unless there is a form of security on the device, corporate information in the cloud (or the network) could be accessible to whoever has the device.

Shared Responsibilities for Cloud Security

The responsibility for keeping company information secure rests with both the provider and the company accessing the cloud services. In their “Shared Responsibility Model” for PaaS, Amazon Web Services states that they will manage the cloud's security while security in the cloud is the customer's responsibility. Similarly, businesses should choose cloud providers they can rely on for secure services while recognizing the need for their organization to establish and enforce effective security policies and procedures along with the continuous training that is needed to keep safety top of mind.