TL;DR: The rush to migrate business apps to the cloud is causing the IT pros charged with securing their company's data to reach for the reins. Best practices are being developed that extend your organization's network security plan into the cloud. It all starts by understanding the new threats posed by today's more-sophisticated cyber-criminals.
The reality of modern data security is that your network will be breached, and almost certainly has been breached already. Lost or stolen passwords, disgruntled employees, misplaced laptops containing sensitive information -- no organization is immune from unauthorized access to its sensitive data.
In a September 11, 2014, article on Forbes, security expert Lior Div turns the conventional wisdom about data breaches on its head by skewering five data-security myths. Here are Div's facts:
- You must act as if your network has already been penetrated because no data perimeter is impervious.
- Cyber-criminals target specific organizations, not those whose defenses are leakiest.
- Attackers look for data about your defenses and are adept at anticipating and thwarting your response.
- Once they've gained access to your network, the bad guys stick around, waiting for the next opportunity to help themselves to your data and resources.
- A fast response is rarely the most effective response because the true threat to your network will likely become evident much later.
IT departments adopting cloud services need to extend their network security plan outside their data centers. Your cloud-security strategy extends to mobile devices and public Internet services such as Google and Facebook. A recent survey of tech executives found that one-third of the businesses planning cloud apps in the next 12 to 24 months don't have a network security plan in place. The survey results are examined by eWeek's Nathan Eddy in an October 1, 2014, article.
Devising your own security best practices for cloud data
It's no surprise that security concerns are the primary reason organizations hesitate to move their vital data to cloud services. In a recent TechTarget article (registration required), Brien Posey lists the five greatest threats to cloud data: the service fails to secure it; the service's own employees access it; costs are difficult to track; recovery is slow due to Internet bandwidth limitations; and the cloud provider becomes a single point of failure.
The BitCan cloud storage service addresses these concerns. BitCan encrypts your data at both the communications layer via SSH, and at the storage layer. You get 24/7 access to your data via an easy-to-use console that requires no client-side installs or plug-ins. If your data resides behind a firewall, client-side installs are available to still allow BitCan access to your data.
BitCan supports heterogeneous MongDB and MySQL databases, as well as Unix/Linux files and systems. Visit the BitCan site to sign up for a 30-day free trial.
A major step in helping IT departments overcome their distrust of cloud services is the development of best practices for the technology. In a September 19, 2014, article on ZDNet, Ram Lakshminarayanan reports on the Cloud Security Alliance's work toward establishing cloud-security best practices.
The alliance identified seven risks to cloud data: lack of stringent registration and validation to prevent use of cloud services to commit fraud and other crimes; lack of API gateways to serve as application-layer control points; compromise of the hypervisor layer in multi-tenancy environments, which could allow a co-tenant to take control of the entire infrastructure; data loss due to 1) breach and 2) malicious erasure or alteration; breach due to social engineering that captures user IDs and passwords; internal attack by an employee; and cloud services that fail to communicate their security policies.
With planning and persistence, your cloud-security strategy can actually make your data safer in the cloud than it is in your data center. The keys are to integrate security with all other operations and leverage the expertise of cloud-security professionals, which is the greatest value of BitCan's service.