Security challenges posed by cloud computing for a business
The advent of cloud based solutions has offered many businesses around the world a more effective way to carry out business operations. As great as cloud computing is, there are still risks involved with its usage, which businesses need to be aware of in order to take the appropriate measures.
Some of the security challenges in question include the following:
Loss or theft of intellectual property
More companies and employees are beginning to store sensitive data in the cloud. On the surface, this might not be a bad thing and can actually prove to be more convenient, as such data can usually be accessed from anywhere, at any time. However, cloud-based file sharing services - especially third party ones - are not impregnable and can fall victim to cyber criminals, who will then have access to the aforementioned sensitive data.
Evidence of this security challenge can be seen in the recent incident involving Slack and LastPass. Aside from the danger of hacking, there’s also the risk of a cloud-based file sharing service issuing terms and conditions that let them claim ownership of the data uploaded to them. This can lead to complications for a business or its employees who use such a platform to store intellectual property, without first understanding the terms and conditions of the service provided.
Breach of compliance laws and regulations that might lead to regulatory actions
Usually, a company’s operations are governed by the regulations passed by law. Such regulations often cover how a business stores and manages its information, especially if they are in possession of a lot of sensitive customer data. These regulations usually specify that a company must know exactly where such information is stored, who has access to it, and how it is protected. In the event employees are using their personal cloud based tools to handle such sensitive data, this can amount to a breach of regulations; as such data would be handled by third parties that the company’s management are not aware of. In a crisis, an employee’s use (past or present) of personal cloud tools to handle such data can lead to serious legal repercussions, as the company might be regarded as non-compliant.
Breach of contract with customers or business partners
A contract between a business and its clients might restrict usage of the other party’s data, as well as who has access to it. As in the above scenario, if employees of a company innocently move such restricted data to the cloud without any authorisation, this can amount to a violation of the business contract and lead to a very costly lawsuit.
Location of data
For instance, a business with a NZ domain which uses cloud computing services might (unbeknownst to them) have its data stored in a completely different geographical location. This vagueness concerning where a company’s data is actually stored when using cloud services should not be taken for granted, as this can lead to unforeseen complications further down the line. For instance, the data belonging to a New Zealand based company might not be governed by the laws of that country, but by the laws of the country where the cloud data servers are located. In such a scenario, problems might arise if the laws of the country where the data is being stored are more lax or different from those of the country where the company is based. To avoid this, businesses should endeavour to verify exactly where their data is being stored and what security and privacy laws will actually apply to that data.
Cyber criminals are becoming even savvier and have developed a variety of ways to use cloud based services to their advantage. For instance, attackers can encode data into a file and upload it to a cloud based service. The file might contain malware that’s been designed to extract specific sensitive data from anyone who accesses it. If a company’s employees access such a file, it can put the organisation at risk. Cases of such attacks have been witnessed on YouTube and Twitter.
Diminished customer trust
When the uploading of sensitive data to a cloud based system leads to a data breach, this can mean an inevitable decrease in the trust customers place in a business. In certain instances, a different company within the same industry (suffering a breach due to cloud usage) can lead to unease among the customers of a similar company who also use cloud based services.
Once customers suspect that their stored data might be in jeopardy, their immediate reaction will likely be to move to a company they believe to be more reliable. Recently, there has been an increasing clamour for individuals to avoid patronising cloud companies or those that use cloud services, but don’t guarantee protection of customer privacy.
In relation to the above, distrust on the part of customers can lead to significant revenue losses for a business. Take the case of Target for example, who suffered a data breach that exposed the sensitive information of several of their customers. This resulted in shoppers staying away from Target, which in turn led to the company suffering losses during what should have been a peak sales period.
Most businesses have no idea how many of their employees are privately using cloud based services to handle sensitive data and fulfil office duties. If companies can get a forge a better understanding on how their employees handle data and what tools they use, the security challenges faced when using cloud services can be significantly reduced. In order to be able to take appropriate measures, businesses need to understand exactly what data their employees are dealing with and to which cloud services they are being uploaded.