The Truth about Cloud Security (Hint: It’s Not What You Think)

“Cloud” and “security”: two words that should not appear together in the same sentence.

A study by cybernews found that as much as 79% of companies have experienced a cloud security breach.

In the past few years, we have seen a number of high-profile data breaches that were made possible by security lapses in the cloud.

The most infamous example is the Equifax breach, which exposed the personal information of over 147 million people. The breach was caused by a simple failure to patch a known security vulnerability in an Equifax application that was hosted in the cloud.

Other notable examples include:

• The 2014 iCloud hack that exposed nude photos of celebrities like Jennifer Lawrence and Kate Upton.
• The 2015 attack on healthcare insurer Anthem which resulted in the exposure of over 80 million patient records.
• The 2012 Dropbox data breach, that leaked over 68 million user account passwords (until 2016, Dropbox believed that only the email addresses were compromised).
• The 2017 Amazon S3 data leak that exposed the personal information of over 57 million customers and drivers whose information. (Uber bribed the hackers with a $100,000 payment to keep the incident quiet…)

Most of these breaches were caused by human error rather than by any technical flaw in the cloud itself.

For example, the Dropbox breach was caused by an employee reusing a password that had already been compromised in another data breach. The Anthem attack was made possible because an employee fell for a phishing email and accidentally gave attackers access to a critical database.

Despite the clear and present danger, many companies are still not doing enough to secure their data in the cloud. A survey by Symantec found that less than half of businesses have security measures in place for their cloud-based applications and data.

The biggest misconception is that the cloud is “inherently secure.” This is simply not true. The security of your data in the cloud depends on how you configure and use your cloud services. Employees working with sensitive data need to be trained in security best practices, and companies need to invest in robust security solutions that are specifically designed for the cloud.

I’ve heard of horror stories where admins stored critical passwords in plain text files on their bring-to-work laptops or even on post-it notes next to their monitors!

If you’re not taking steps to secure your data in the cloud, you’re putting your business at risk. Cloud security is not something that should be taken lightly.

Given the actual state of “cloud security,” I wouldn’t store anything in the cloud that I wouldn’t be comfortable with someone else seeing.

Grandma’s secret steak rub recipe in the cloud? No way! Unless you’re encrypting it, of course.

At the end of the day, it’s up to you to decide what level of risk you’re comfortable with. But if you’re not paying attention to cloud security, don’t say I didn’t warn you…