When someone broke into Apple’s iCloud service and leaked private photos belonging to several celebrities, including topless shots of actress Jennifer Lawrence, it triggered predictable media-driven fears about the security risks of storing data on the cloud.
In the end, it turned out that the breach was caused by an entirely preventable security lapse. In this case, the perpetrator, who was able to access at least 50 iCloud accounts and 72 Gmail accounts, many of which belonged to female celebrities, used phishing emails that appeared to be from Apple and Google to trick victims into providing usernames and passwords.
Still, that’s not to airbrush the severity of high-profile attacks against cloud storage systems. Weakly defended cloud storage offers a rich target, and opportunistic hackers will launch attacks if they can detect a vulnerability in a company’s security network.
And with the amount of sensitive enterprise data stored on clouds growing exponentially larger with each passing year, companies clearly need to vigilantly oversee their cloud storage practices. Unfortunately, there’s still lots of room for improvement in that area - which is why, when it comes to the processing and storage of customer data, managed service providers shouldn’t hesitate to get preachy about the basics.
It’s 10 p.m.: Do You Know Where Your Data is?
Among the myths that have attended the spread of the cloud, one of the biggest is that it’s inherently less secure than on-premises computing. But while that assertion has proved demonstrably false, a surprising number of executives have little confidence in their IT teams' knowledge of cloud storage providers, according to Blancco Technology Group.
Blancco found that only 15 percent of companies conduct audits of the cloud providers storing their corporate data. That’s a potential harbinger of trouble. And there are others.
Consider this: Less than half of the software applications that organizations store in the cloud are approved, or even known and sanctioned by IT. What’s more, most enterprises either do not inspect their own cloud services for malware or do not know whether they do.
It’s hard to protect data when you don’t know where it’s being stored. Yet the practice of shadow IT, where departments wind up using products from multiple vendors without informing IT and without prior approval, is now rampant. Here’s where experienced MSPs can intervene to help their clients to develop sensible policies and procedures - including defensive measures - that protect the organization’s cloud data.
At the same time, they need to hammer home the message that management must get aggressive about providing ongoing education. That’s the only way to raise security awareness of the constellation of threats now facing the company’s cloud storage infrastructure.
With valuable data often stored outside of the company's security perimeter, the organization needs to make sure employees follow carefully designed controls that enforce security. And not just employees - the same should apply to any third-party suppliers of cloud and file sharing services.
Human error is an unavoidable part of life. Still, MSPs should communicate how important it is for companies to explain the full range of potential risks that exist, so employees follow accepted procedures for sharing and storing information in the cloud. And as more organizations allow employees to use their own personally owned devices, there’s added incentive to make sure that enterprise data isn’t inadvertently exposed to outside cloud services or other third parties.
If they get their clients to understand what it takes to lock down cloud storage security, MSPs will be worth every penny they’re getting paid.
This content is underwritten by VMware -- and is editorially independent. It is produced in accordance with conventional standards of business journalism.
Charles Cooper is an award-winning freelance author who writes about business and technology. During his 30-plus year career, he has worked as an executive editor at several leading tech publications including CNET, ZDNet, PC Week and Computer Shopper.