Buying space on cloud servers is not enough to secure data say cyber security experts

• Cloud servers are what every digital company turns to for storage of data.
• But cloud is not completely safe from breaches.
• Cyber security experts share why cloud is not always safe and secure.

Digital businesses are in constant danger of cyber attacks. And, more often than not, the answer to securing their data has been – cloud storage. As this option which allows security along with agility to businesses, large tech players like Microsoft, Amazon, Google, Oracle are raking in big money with their cloud services.

But really, how safe is data on the cloud?

False sense of security

With cloud storage, your data is stored in a hardware in a remote location which can be accessed from anywhere, online.

“Cloud is based on what is called shared responsibility model. The cloud provider will protect their own infrastructure but what you put into the cloud you have to protect it. Ah! I have put it in that cloud and so I can sleep better at night, I think that’s a false sense of security. You have to do your part as part of that shared model,” Sean Duca, the chief Security officer for the Asia-Pacific region for Palo Alto Networks told Business Insider.

Duca also said that because of this false sense of security a lot of people have found themselves falling prey to data breaches that accidentally expose information.

You are responsible

Attackers too are developing new and innovative ways to hack in. So, for organizations it becomes important to have accurate visibility of their services, their configuration settings, and be alert to malicious or accidental changes that could leave data vulnerable.

“Public cloud providers will ensure the security of cloud, the physical security at the data center, and separation of customer data and environments. But anything you run, or store in the cloud is the responsibility of the organization to secure. If you leave database ports open to the public internet, or allow public access to data storage services, then that’s on you,” said Sunil Sharma, managing director sales, Sophos India & SAARC.

Misconfiguration is the most common reason for data breach

A recent survey by Sophos, ‘Exposed: Cyberattacks on Cloud Honeypots’, revealed that cloud servers in Mumbai were subjected to 13 attempted attacks per minute, per instance. And experts say more often than not, there is a simple reason for these breaches – misconfiguration.

“Cloud is as secured as you configure it to be. Clouds are secure, but organizations are often not using them securely. Misconfiguration has been the most common reason behind a cloud data breach,” said Prateek Bhajanka, Sr Principal Analyst, Gartner.

He added that just having bought cloud storage will not solve all the problems but an organization should also understand how to keep it configured in a secured manner throughout its lifecycle.

Secure your data on cloud

Organizations have to take active measures to secure their data even after it is transferred to the cloud. These measures come in over and above the security standards offered by the cloud service provider.

“For example, organizations can implement different levels of security solutions for data protection based on regulatory mandates, business criticality and scenarios such as whether data is at rest or in transit,” said Neelesh Kripalani, Sr. VP and Head – Center of Excellence (CoE), Clover Infotech.

Kripalani added that mandatory security levels are provided by global Cloud service providers such as AWS, Microsoft, Google and Oracle. However, depending on the criticality of applications and business needs, organisations may choose to additionally secure their applications data on the cloud by adding multiple security layers.