Our Blog: Stuff we think you should know

The Cloud Isn’t Necessarily Safe

The Cloud Isn’t Necessarily Safe

The Cloud. That big, vague entity where a lot of us our entrusting our information has lifted a huge burden off of businesses by alleviating the need for expensive onsite hardware. It makes user management a little more user friendly. It keeps us connected and in communication no matter where we are.

It’s pretty great, right? With every silver lining, there is a darker, more dreary side. For cloud computing, it’s the fact that, like all technology, it is not inherently secure.

The Cloud is (Basically) Just Someone Else’s Computer

When you connect a computer to the Internet, you invite outside entities to try to infiltrate it. Viruses, malware, unpatched vulnerabilities, and other threats can creep onto an unprotected device and take over. This could lead to data theft or data loss. That’s why we all know to use antivirus and avoid using outdated software. That’s why we don’t install random software or visit sketchy websites. I’m pretty confident my reader base knows the drill here.

The cloud is essentially no different. It’s just a computer or an array of computers connected to the Internet. If it isn’t properly protected, it can be compromised. 

If you use Google’s G Suite platform and your email is handled through Gmail, and you are storing files in Google Drive, then you are simply using Google’s computers to do so. If you are using Microsoft 365, then you are storing your email and data on Microsoft’s computers.

*Side note, I miss being able to refer to anything related to Microsoft as belonging to Bill Gates. I’d love to be able to tell clients that they are using Bill Gates’ computers to store their Outlook. Maybe I just still haven’t come to terms with the fact that he stepped down from Microsoft back in 2006.

The point is, while we can typically trust these massive services to handle our data correctly, we still need to be aware that we are depending on them to do so.

On a smaller scale, you might use a local web hosting company, or you might pay to host a server at a smaller data center. The same applies - you are relying on this third-party to keep you safe.

My gut tells me to be skeptical whether I’m entrusting a major corporation like Microsoft or a small company with a data center, but at least with Microsoft I know that millions of others are using the service.

The Cloud Isn’t Always the Fast Path to Compliance

Complying to industry standards like PCI DSS, HIPAA, and the GDPR can be a big undertaking, especially for smaller businesses. Often, a nice big step towards compliance can be to rely on a third-party who focuses on hosted environments that meet those compliance regulations. This means that moving towards the cloud is often a win, but you need to read and understand the fine print before you simply pull the trigger.

For example, let’s say you are storing names and credit card numbers. You absolutely need to keep this data encrypted and control who has access. If your cloud host can get around that and employees can access the data, you might not fall under certain compliances. 

When it comes to protecting the data of your customers, there are a lot of moving parts and considerations, so spending a lot of time upfront and ensuring that your cloud solution can handle this, AND doing regular checks will have to become a way of life.

Like Anything Else, It’s Only as Secure as Its Weakest Link (Sorry, End Users)

Ever play Jenga, where you have to carefully pull blocks from a stack while trying to prevent the entire tower from falling over? Each time someone picks at it, there is a greater risk of the whole thing toppling down. The more hands that get involved means the more likely that things will go wrong faster.

Security is like that too. An end user could accidentally share a folder or set it to public. They could have a weak password, or use the same password on multiple sites. They could lose their mobile device and inadvertently give someone else access to everything.

Fortunately there are policies and settings around most of the obvious threats these days, but whether or not they are enforced is a whole other thing.

Who’s Responsible For Protecting My Cloud Hosted Data?

When it comes down to compliances, it’s really up to you. YOU have to protect the sensitive information of your employees, your customers, and your prospects.

That doesn’t mean you are alone. The IT security experts at Haber Group can help audit your IT, whether it is onsite or in the cloud, and help you meet compliances. We take protecting the sensitive data of you, your staff, and your clients very seriously.

Tip of the Week: How to Keep Control of Your Cloud
How the EU’s General Data Protection Regulation is...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, July 18 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Cloud Privacy Email Hackers Business User Tips Microsoft Business Computing Malware Network Security Hosted Solutions Computer Google Software Productivity Internet Communication Tech Term Data Small Business Ransomware Mobile Devices Efficiency Backup IT Services Hardware Workplace Tips Cloud Computing Windows 10 Smartphone Data Recovery Android IT Support Microsoft Office Saving Money Productivity Office 365 Upgrade Managed IT Services Gmail Browser Data Management Business Continuity Information Facebook Users Windows Social Media Word Data Backup Innovation Internet of Things Managed IT Services Server Mobile Device Phishing Passwords Miscellaneous Disaster Recovery Smartphones Outsourced IT Windows 10 App Artificial Intelligence Encryption Network Chrome Employer-Employee Relationship Vulnerability Cybersecurity Business Management communications Remote Monitoring Managed Service Provider VoIP Apps Office Tips Tip of the week Hacker Money Content Filtering Managed Service Big Data Government Infrastructure Save Money Gadgets BYOD Applications Spam Apple Website Analytics IT Support Virtual Reality Tablet Paperless Office Robot Settings Firewall Antivirus Printing Two-factor Authentication Automation Employee-Employer Relationship Bandwidth Unified Threat Management VPN WiFi YouTube Access Control Avoiding Downtime Education The Internet of Things Router Development Risk Management Virtualization Wireless IT Management Data storage Display Maintenance Augmented Reality Customer Service Scam Outlook Business Intelligence Monitors Safety SaaS Solid State Drive Hacking Networking Downtime Company Culture Hosted Solution Operating System End of Support Hard Disk Drive Holiday Data Security Bring Your Own Device Presentation Computing HIPAA Password Data loss Business Technology Google Drive Search Chromebook Virtual Private Network Mouse Vendor Management Office Wireless Technology Collaboration IBM Server Management Recovery OneNote LiFi Document Management Administration Touchscreen Computers Mobile Device Management Storage Customer Relationship Management Mobile Security Telephone Systems Retail Wi-Fi Laptop Quick Tips Multi-Factor Security Mirgation Automobile Voice over Internet Protocol Entertainment Bluetooth Going Green Social Engineering Microsoft Excel Star Wars G Suite 5G Desktop Data Warehouse Refrigeration Staff Cortana Shortcuts Social User Dark Web Nanotechnology Halloween Spying Solid State Drives Corporate Profile Fun Optimization Streaming VoIP Typing Public Speaking Cyber Monday Social Networking Analysis Employee-Employer Relationships Language USB How To Deep Learning Humor Competition Google Calendar Chatbots FinTech iOS Blockchain Cost Management Troubleshooting Printer Wearable Technology Security Cameras IT service Heating/Cooling Hacks Net Neutrality Screen Reader Remote Computing Scary Stories National Security WannaCry Recycling Human Error Time Management Cryptocurrency Smart Technology Motherboard Update IP Address Cybercrime Students Budget Computing Infrastructure Dongle Firefox sip Legislation Identity MSP Scalability Cabling How To Permissions Assessment Undo Digital Payment Knowledge Managing Stress Managed Services BDR Servers FCC Smart Tech Sports PowerPoint Updates Politics eWaste Device Network Management Bitcoin Network Congestion Distributed Denial of Service Mobile Office Mixed Reality Marketing Alerts Service Level Agreement LED Techology Best Practice telephony Comparison Migration Managed IT Information Technology Application Fraud Internet Exlporer Google Docs SharePoint Private Cloud Experience Cables Unified Communications Laptops Google Maps Writing Title II Connectivity Onboarding Digital Lenovo Tech Support Continuity Mobility Windows 8 Managed IT Service Modem Running Cable Slack Data Breach Mail Merge Licensing Smart Office Virtual Desktop Co-Managed IT Unified Threat Management Business Growth Specifications Compliance File Sharing Charging Disaster Shortcut Business Analysis Google Wallet Value Computer Care Downloads IT Technicians Wires Software as a Service Statistics Current Events Online IoT Samsung Buisness Digital Signage GDPR Spyware Superfish Cooperation Websites Identity Theft Solar IT solutions Print Toner Break Fix Cookies Lithium-ion battery Monitoring Hard Disk Drives Address Legal Hard Drives Work Content User Error Alt Codes Dark Data Black Friday Regulations Messaging Uninterrupted Power Supply Patch Management Drones Hotspot Professional Services Training Notifications CrashOverride Botnet Supercomputer Twitter Motion Sickness Unsupported Software Gadget Staffing Personal Information Administrator Crowdsourcing Taxes Machine Learning IT Budget Web Server Emergency GPS Mobile Data Computer Repair IT Consultant Printers Relocation Processors Cameras Tracking Meetings Health Cleaning Mobile Computing Alert CCTV Emoji Webcam Physical Security Electronic Medical Records Windows 7 Upgrades Work/Life Balance Error Black Market Point of Sale Domains Travel Regulation 3D Printing Law Enforcement