Is your cloud data storage as secure as you think?
In recent years, more organisations have relied on one of the many cloud hosting options. Cloud hosting is attractive; it negates the need to maintain and replace server capacity. It is also generally the more cost-friendly data storage option. However, there’s also a misguided trust around cloud storage security. The cloud is not immune from cyberattacks; in fact, in 2020, the cloud environment accounted for approximately 20% of declared cyber events.
The popularity of many leading cloud services also makes them a target for criminal cyber activity. Notably, now, some commentary asserts that cloud storage can be more vulnerable than traditional on-site server configurations. Misconfigurations between the Cloud Service Provider, the applications being utilised, and end users create security misalignments that can be exploited. IBM’s X-Force Threat Intelligence Index 2024 noted that “The most observed risk across client environments globally was security misconfigurations”.
As a precautionary measure, we suggest all organisations that have their data cloud-hosted consider the following:
Cloud Deployment Security:
Ensure that their cloud deployment applies consistent security measures from the provider through all platforms used by the end-user
Continued IT Security:
Their continued application of all basic measures of IT security. These include, but are not limited to, multi-factor user authentication and strict password hygiene protocols.
Cyber Insurance
Giving serious thought to cyber insurance. Ensuring it reflects their reliance on the cloud provider and achieving confidence that it will respond appropriately if needed.
Cyber insurance is crucial for businesses that handle customer data or store information online. It provides financial protection against incidents like data breaches, system hacking, and ransomware extortion. There are two main types of coverage: first-party coverage, which handles costs related to the incident, and third-party (cyber liability) coverage, which protects against lawsuits from third parties due to cybersecurity incidents.
