Cloud Security Risks Mostly Come from Employees
With the many companies and organizations moving a majority of their data networks to the cloud, there is an oft-overlooked and underestimated danger in the midst of the current exodus to cloud computing: risk of cyber security breach from within. And, while it’s not something CEOs or other executives want to face when busy with inherent IT issues that affect their enterprise’s productivity and bottom line, the cloud security hazard from within is there all the same. This all begs the question, “Who exactly will be working in the cloud, and have access to sensitive company data?”
There are widely-varying percentages of “knowledge workers” across the various industries who will be assigned special access permissions in the cloud. Even if it’s only 1% of your staff that receives the special access permissions, it’s just as important to closely monitor and track their navigations in the cloud, because, according to Cisco and Microsoft partner 365 IT Solutions, “1% of users are causing these cyber security issues for organizations.” 365’s words reinforce those of a 2016 Gartner Report on cloud computing: “The adoption of sanctioned enterprise cloud services should be slowed until security and data sovereignty issues can be resolved.”
No Industry is Immune
Cloud migration is happening across the board, affecting multiple industries that do business through Web- and cloud-connected data networks. In one study, done by a company called CloudLock, some common cloud security “concerns” were seen in such high-risk industries as K-12 education, retail, higher education, government, technology, manufacturing, healthcare, and financial services. The common red flags observed in the study included:
- Compromise of the account
- The presence of cloud-based malware
- Excessive or inappropriate data exposure
- Compromised or over-exposed personally-identifiable information (PII) or payment card information (PCI)
- Unauthorized collaboration
And, as Tech Republic stated, in sharing further statistics found in the study, “Exposure risk was also high among the industries studied. On average, 1% of users represent[ed] 71% of organization-wide exposures and 74% of public exposures.”
There’s that 1% figure again, proving that even with having only a slim minority of your staff navigating cloud platforms, the security risk is still great, warranting having just as much security protocol in place as for having the entire company in the cloud.
Fighting the Risk from Within
So, how to companies take effective measures to reduce employee-caused cybersecurity breaches? Here are some methods that enterprises need to adopt in order to remain safeguarded from cyberattack-from-within and, in effect, remove any incentive to breach or expose company data:
- Scale security policies to fit the proliferation of file-sharing user permissions
- Implement timely employee training on how to avoid malware and phishing schemes
- Teach employees/cloud users to avoid using unauthorized applications
- Enforce proper password policy, such as hashing or two-factor authentication to avoid the use of old passwords
- Enforce also cloud security protocol by way of ingrained company policies and best practices
Questions About Cloud Security?
If you have questions or concerns about cloud security, NYNJA is the leader in providing managed IT services and consulting in New York / New Jersey. Contact our expert IT staff at NY (845) 664-4357, NJ (201) 785-7800 or send us an email at info@nynja.com regarding how to get better cloud security, and we will be happy to reply.