The most cited barrier to entry for cloud into the enterprise continues to be the security concerns involved with an infrastructure overhaul. Many IT decision makers are hesitating on making the switch to cloud as far as mission critical apps are concerned because of the unknown variables posed by cloud security risks. A KPMG report mentions that cloud security is still a top concern as IT executives look for ways to reduce costs. The report mentions that 45% of respondents said data loss and data privacy were their top hesitations in regards to cloud implementations. What exactly are the biggest cloud computing security risks that will emerge in 2015?
When data is lost, jobs are typically lost. When data is stolen, court cases could be filed and you may be required to submit a deposition or even testify in court. That isn’t fun for any data center administrator. That’s the harsh truth in the IT world and you wouldn’t want it to happen to you. With that said, using a cloud solution to host company data may not sound like a good idea. After all, you are putting your data in the hands of another organization so how can you be so sure that they will do what they say they are going to do? The natural progression of organizations is to put non-mission critical services into the cloud first in order to get a feel for the way cloud works. If any sensitive data is hosted in the cloud, you should always encrypt your data just to be safe.
What if someone steals the password to your IaaS service and begins deleting your virtual disks. Even if you have a service such as data geo-replication setup, these types of backups only work when something actually physically happens at the data center itself. These copies are not meant to be standard off-site backups.
Back in June, CloudWedge reported that Code Spaces was the victim of a cloudjacking attack. Code Spaces reported that while it did have cloud based back ups, it did not have on-site backups and the attacker also destroyed all of the backup data as well. How did it happen? Perhaps a Code Spaces employee had malware on their machine and the password was stolen by hackers. Perhaps a public computer that had a key logger installed stole the password. Some even speculate that a social engineering attack occurred. Whatever the case, protecting the password of your cloud and using two factor authentication methods is essential to protecting the privacy and integrity of your enterprise.