Data Backup Digest

Do-It-Yourself Windows File Recovery Software: A Comparison

results »

The Biggest Cloud Security Risks May Be Its Users

Despite tremendous interest in the cloud from all corners of industry and business, it still faces some significant hazards and threats. Hackers, potential identity thieves, and the rise of ransomware are all serious issues – but they're just the tip of the iceberg. Other challenges include data breaches, unexpected data loss, unsecured APIs, access management and many more.

Analyzing and Addressing the Biggest Threat

But the biggest threat of all, according to recent reports, is the users themselves.

It's easy to see how a disgruntled or former employee might wreak havoc on a system. If they're login credentials are left active, or if a system is unsecured in the first place, they can do significant damage – and incidents like this have occurred in the past.

But users don't even need bad intentions to expose mission-critical data or allow a virus into a system – there are plenty of accidental occurrences, too. Whether this is chalked up to a lack of proper training or sheer forgetfulness is moot after the damage has already been done.

Jason Hayes, a principal with Point B, a popular technology consulting firm, explained the issue in a more candid manner by saying: ''"Our biggest threat in the security space always has been and always will be our end users. The risk is that employees, typically without malice, will expose company data and information -- going to a Starbucks with a laptop, downloading illegal movies and stirring a zero-day threat, which makes its way past the company's antivirus software. "Then, they bring that back into the corporate office, and all of a sudden that malware has access to our corporate data."''

Eric Barricklow, CISO with the New Hampshire Army National Guard, echoed Hayes' statement. Individual users present an ever bigger challenge in temporary and provisional roles – like the National Guard. Since most of those serving in the National Guard are doing so on a part-time basis, it's easy for them to forget certain rules regarding access, classification and storage. The same can be said for workers in other temporary positions.

Barricklow highlighted his primary concerns by stating: ''"Trying to ensure that the data is used in the appropriate manner, the data classification and the data use, and ensuring that users don't inadvertently start to share that intellectual property, trying to maintain the nondisclosure agreements."''

Online risks come from all sides and angles – the cloud only adds even more avenues to protect and safeguard. While it can be done, it often requires a strong collaboration between the most strategic and accomplished risk managers and knowledgeable IT pros.

Managing the Risk

Like all new enterprise systems, the cloud requires consistent risk management. When done properly, a new cloud integration can actually be safe and secure. Start by establishing a set of standardized policies and procedures and move forward from there. Not only does this provide the opportunity for self-analysis and self-assessment, but it also lets everyone start on the same page before advancing to the more advanced concepts and functionality of cloud computing.


No comments yet. Sign in to add the first!