6 minute read
Cloud computing in the Covid-19 era Threats and solutions
McAfee: There’s a correlation between rising cloud usage and increasing cloud-focused cybercrime events.
In its “Cloud Adoption & Risk Report – Work from Home Edition”, published on businesswire.com on 27 May this year, global cybersecurity expert McAfee says there’s a definite correlation between the pandemic-driven increased use of cloud services and a rise in cloudfocused cybercrime.
Advertisement
It’s a “significant and potentially longlasting trend” that emphasises the need to tighten cyber security in the new normal “work-from-home environment”, it warns.
“While we are seeing a tremendous amount of courage and global goodwill to overcome the Covid-19 pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home,” said Rajiv Gupta, senior vice president of Cloud Security at McAfee, adding: “The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior.”
McAfee’s research shows that in the last few months, the use of cloud services spiked by 50 per cent in certain industries, that take-up of cloud collaboration tools increased by close to 600 per cent in the education sector and that “threat events from external actors increased by 630 per cent over the same period. “Most of these external attacks targeted collaboration services like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials. Access to the cloud by unmanaged, personal devices doubled, adding another layer of risk for security professionals working to keep their data secure in the cloud,” he said.
Microsoft: A rapidly evolving world of threats
It’s a “rapidly evolving world of mobile threats” says Rob Lefferts, corporate vice president of Microsoft 365 Security, in a recent blog. “One of the biggest and fastest growing threats on mobile is phishing attacks, the majority of which happen outside of email, such as via phishing sites, messaging apps, games, and other applications, and are tricky to spot on smaller form factors. Other common mobile threats include malicious applications that users are lured into downloading, as well as increased risk introduced by rooted devices that may allow unnecessary escalated privileges and the installation of unauthorised applications.”
Thales: The challenges of a multi-cloud world
Before the Covid-19 crisis, says Tina Stewart, vice president of Global Market Strategy at the Thales Group, IT professionals and their support staff generally operated either on site or in the cloud. “But in the short span of a few weeks,” she says in her blog IT departments became responsible for protecting sensitive data that emanated from people’s homes “over unknown routers, various wifi connections and personal computers.”
According to the 2020 Thales Data Threat Report-Global Edition, half of all corporate data is now stored in cloud environments and almost half of that data is considered sensitive. This “multi-cloud world” presents enormous security challenges, says Stewart. The report “clearly demonstrates that unprecedented amounts of sensitive data are being stored in multi-cloud environments by organisations all over the world,” she says. “Having the right cloud security in place has never been more critical. As 5G networks are rolled out, IoT (Internet of Things) continues to expand and quantum computing creeps closer to becoming a reality, organisations must adopt a more modern data protection mindset. The first step towards protecting sensitive data is knowing where to find it. Once classified, this data should be encrypted and protected with a strong multi-cloud key management strategy.”
CloudPassage: A fog of uncertainty
Carson Sweet, CEO and co-founder of CloudPassage, concurs in a press release saying that soaring demand for cloud services on the back of the Covid-19 pandemic is affecting security information teams around the world. “We’re hearing stories about teams being crushed by accelerated cloud adoption plans, which have to be managed on top of existing security requirements–all while budgets and staff are being cut and attacks are on the rise.” He adds: “The economic impacts of Covid-19 will not be short-lived. We’ve barely begun to understand how our day-to-day activities will change and how a completely new way of living and working will impact how businesses operate. And the pandemic itself has not run its course.”
In this “fog of uncertainty”, he says there are two main tenets. One is that “cloud-centric technology strategies will be critical for pandemic preparedness. Companies across the board are aggressively accelerating cloud adoption plans, both to mitigate the current crisis and prepare for the next one.”
And two that: “Spending discipline is tighter than ever and will stay that way for the foreseeable future. Technology owners are under enormous pressure to reduce costs, negotiate more flexible purchasing terms, and consolidate products to maximise investment value.”
CipherCloud: A cat and mouse game
Ishani Sircar, product marketing manager at CipherCloud, writes in her blog of an ongoing cat-and-mouse-game of data breaches and security controls and a year that’s being defined by widespread remote working. Messaging and collaboration apps such as Zoom and Teams and email clients such as Outlook and Gmail have seen “astronomical growth” she says, with the concomitant concerns around securing the remote workforce while ensuring business continuity.
CC SI: Five critical elements of modern-day cloud data protection
If you’re storing customer data on the cloud, then you have an obligation to protect that information, says cybersecurity writer Kayla Matthews in her blog on the Contemporary Computer Services Inc (CCSI) website.
She lists five key elements required to protect modern-day data on the cloud including:
1. Multifactor authentication (MFA): to control access to the cloud using a combination of identifying measures such as passwords and input codes sent to staff phones. “Alex Weinert, group program manager for identity security and protection at Microsoft, said the company’s internal data shows that MFA stops 99.9 per cent of automated attacks on accounts,” says Matthews, adding that it’s a “simple but effective step in boosting security”.
2. Encryption: It’s critical to choose a cloud service provider that automatically encrypts uploaded information and to invest in third-party encryption tools with password protection, all of which make it more difficult for hackers to access sensitive data.
3. Cloud security audits: Doing regular audits will expose weaknesses and areas that require improvement.
4. Proper access controls: “When used well, the client information you collect and store in the cloud can enhance their experiences, but it needs to be safeguarded and only available to those who need it to do their jobs. “According to the 2019 Global Data Risk Report from Varonis, 53 per cent of companies had at least 1,000 sensitive files accessible to everyone, and each person could access an average of 17 million records in total. As mentioned earlier, cloud computing lets authorised users access archives from anywhere. But that doesn’t mean they should. Spend time putting controls in place so that people can only open or otherwise use information directly relating to their business role. Failing to do that could mean employees have too much freedom to work with cloud-stored files, and the risk of insider misuse or breaches goes up.”
5. Regular training sessions: It’s vital to have an effective cloud security strategy in place and to supplement this with regular staff training sessions around the best practices around the evolving cloud landscape.
