Your cloud applications might start off secure … but then your organization will start using them. Here’s how to keep things safe
If you operate a growing enterprise, chances are you have a range of applications that are hosted in the cloud. Given that a recent survey from RightScale revealed that 88 percent of organizations are using the public cloud, it’s essential for companies to prioritize protecting their online data at all times.
One way to safeguard critical data is through application encryption. While this step is always important in an enterprise environment, it’s also key to determine the threats that the encryption technology is meant to reduce. Many times, encryption alone may not be enough to protect data from attacks; a common misconception is that it completely eliminates these risks.
The top three threats to cloud applications
While this list is not comprehensive, three of the most common threats in the cloud storage space include:
- Data compromised by an insider
- Unauthorized access due to lax cloud provider operations
- Unauthorized access due to network infiltration
Beware of insiders – the most common threat to cloud application security
When many enterprise clients think of unauthorized data access, they envision sophisticated hacking networks that set out to infiltrate an organization. While this certainly happens, more often compromised information comes from employees who have access and improperly share data. A study from Intel Security indicated that 43 percent of all data loss came from internal employees, and half of these leaks were accidental.
In an instance where an insider is at fault, application encryption does little to protect a company’s critical data. The most effective ways to prevent these types of breaches are to encrypt and store data before it is made available to internal users, as well as closely review permissions and how it is shared.
Data risk due to lax cloud provider checks and balances
Once you’ve chosen a cloud provider to house your important data and applications, there are a variety of opportunities for this provider to either deliberately or inadvertently disclose your information. Common examples of how this can occur include malfunctioning firewalls, angry employees, compromised internal devices, or even bankruptcy of the provider, during which the provider’s assets may be auctioned off (possibly including your company’s data).
When data is being stored externally in the cloud, application encryption is incredibly important. There are primarily two ways that public cloud providers will provide encrypted storage: blind cloud storage and transparent cloud storage.
- Blind cloud storage: Data is encrypted on site at the cloud customer’s premises, and the provider has absolutely no visibility into any of the information.
- Transparent cloud storage: Data is still encrypted, but the cloud customer must provide either their own encryption keys or a second set that allows the provider access.
As you can imagine, blind cloud storage is more secure for enterprise organizations, but it does limit a cloud provider’s ability to provide value-added services over and above physical cloud storage.
Unauthorized access due to a network compromise
An area where encryption is absolutely mandatory has to do with any time that data is transported across an untrusted connection. There are widely-used standards that allow for information to be encrypted in transit including TLS. If a cloud storage provider uses raw HTTP to transfer critical data, you should likely look elsewhere for a more secure partner.
Application encryption is incredibly complex
We’ve touched on several of the key issues related to application encryption in the cloud. And understanding them is an essential first step to safeguarding your data. Unfortunately, when it comes to security, there are a number of additional complexities that make things challenging for many growing enterprises. We can help. If you’d like to learn more about how to protect your applications in today’s environment, give our team a call today at 800-860-2040 or fill out our online contact form to get in touch.