* By Antônio Silva
In fact, there are many threats that can disrupt your work and the overall performance of the organization, such as:
- Hacking Attacks
To work safely in cloud computing without thinking about cyber criminals is to forget the most worrying detail of the cloud. A malicious attack, which results in the loss of crucial data, is the main problem that large companies may face when adopting the use of this technology. If this happens, the institution may lose credit card data, payment reports, contractual information, etc. In order for the problem to be minimized, then, it is essential to have a supplier at your side who works with the best possible levels of security. This way, you guarantee that the encryption will be excellent, keeping your data well protected.
- Malicious employees
Companies constantly have their data leaked through former employees or malicious employees. There are several cases around the world, and we know that it is difficult to predict that this will happen. But you can, at the very least, create an access policy so that security risks in cloud computing are minimized.
Take an example: why would an HR employee need to know data about the IT network, and vice versa? Of course, on a rare occasion, someone from one sector may need information from the other, but in most cases, they may not. Therefore, the institution must have an access policy in which each employee will only be able to see what is his / her role. That way, a malicious person would have restricted access and would not be able to leak something very important.
- Shared logins
Imagine that an employee of the institution shares the login with another, so that this second can view the company data while traveling by plane. You might have imagined that this can be quite problematic if the device is stolen at the airport, right?
Yes, but this is still the least of the problems! In fact, the catastrophe can be much greater if either person is malicious, as it will be very difficult to know who caused the breach in the network to monitor the criminal.
In this scenario, implementing certificate authentication can be a great advantage of cloud computing security in your organization. Mainly for top management, which deals with more crucial data.
- Service provider bankruptcy
First of all, it should be made very clear that this is a rare event, but that it can still occur. Therefore, it is necessary to be protected, isn't it?
After all, where will your data go after bankruptcy? Will the databases be purchased by another company, who will be able to view them at any time? And how will they be discarded if they are not purchased?
All of these issues are very important, and must be previously described in the contract. Therefore, there will be no problems in this case - or in others, such as natural disasters, termination of partnerships, etc. In addition, it is worth mentioning that all functions related to security in cloud computing must be included in the contract, so that both parties know what their obligations are.
- Data sharing and location
It is very likely that your company will not be the only one to host your information with a service provider. So, what will happen if a hacker breaks into the network of one of the other customers who share the database with your institution?
Because of this, before closing the contract, it is necessary to know how the provider handles these cases and how he divides the information, checking if the encryption is completely adequate. And it can be important to note where the physical servers will be based. Often, it is not possible to have this information in accordance with the provider's cloud computing security policy.
Still, if you want to be subject to the protective laws of a specific jurisdiction, talk to it. Ask if they will be able to host your data in a specific location and, of course, if they will comply with the privacy requirements required by our country.
- Permanent data loss
Although service providers are already much more mature and aware of all the threats cited so far, this is still a problem that must be taken into account. After all, whether due to a hacker attack or a natural disaster, permanent data loss can be the end result of a catastrophe.
In general, providers have multiple servers to spread the data across many sources instead of putting it on just one. Therefore, if a data center is lost or hacked, the process can be restarted from another.
In addition, the backup routine is also of great use. But both measures must be provided for in the contract, so that you know how it will react to any of these events.
In fact, this is an extensive subject, so here we have seen just a few of the biggest security threats in cloud computing.
- Antônio Silva is GRC and Information Security Consultant at Safeway
SAFEWAY is an Information Security company, recognized by its customers for offering solutions of high added value, through Information Security projects that fully meet the needs of the business. In these years of experience, we have accumulated, with great pride, several successful projects that have earned us credibility and prominence in our clients, which constitute in large part, the 100 largest companies in Brazil. Today through more than 22 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology, processes and people solutions.