Are You Guarding Against Cybercrime in the Cloud?

IT - CybercrimeBy: Dr. Satyendra Kaith, Adjunct Professor, Purdue Global School of Business and Information Technology

From finance to retail, cloud-based solutions are redefining the way organizations across industries store and secure corporate data. This has meant a productivity boon for many, but with high-profile breaches like the iCloud hack on the rise, it is becoming clear that there is more to the cloud than a silver lining.

Cloud-based solutions offer a plethora of business advantages, including simplified scaling, reduced overhead, and shared cost-effective infrastructure. However, many of these benefits also present significant security implications.

In the rush to embrace new platforms and technology, some of the basic tenets of data security are falling by the wayside. A recent Ponemon Institute study surveying 1,864 IT professionals found that while enterprise cloud usage is likely to continue growing over the next 2 years, security practices have largely failed to keep up.

“Cloud usage grows without the support of necessary governance practices. On average, the use of cloud computing resources for total IT and data processing requirements will increase from 33 percent to 41 percent in the next two years,” the study reads.

What do “necessary governance practices” look like? To an extent, they’re still a work in progress, which exacerbates the difficulty, but a consensus is starting to emerge that comprehensive cloud security requires a collaborative approach between customers and service providers.

According to Phil Hochmuth, program manager, Security Products at IDC, "IDC expects to see expansion of more interoperable and coordinated security solutions from both sides of the cloud computing economy.”

Tools like end-to-end encryption, where information is encoded by the sender and can only be decrypted by the recipient, are beginning to shore up security. Unfortunately, the law doesn’t always mandate their use, so many gaps still exist. Rather than waiting for regulations to catch up, organizations looking to adopt a proactive security strategy should consider some basic best practices.

Third-party Access

The most fundamental characteristic of cloud storage tends to be one of the most overlooked—the fact that your data lives on third-party servers. This presents numerous security implications.

“Sixty-two percent of respondents say their organizations have third parties accessing the cloud. However, 49 percent say their organization does not use multi-factor authentication to secure access to data in the cloud environment and 5 percent are unsure,” reads the Ponemon study. “About the same percentage of respondents say their organizations do not use multi-factor authentication for employees’ access to the cloud.”

Common-sense safeguards like multi-factor authentication are critical in safeguarding cloud data, but organizations also need to be discerning when it comes to choosing cloud service providers.

Among the more obvious questions to ask is where your data will reside geographically. A cloud service provider might utilize servers located in developing nations, where physical security is more difficult to guarantee. It is also important to ask about the security policies within the actual data center. Who has access to your information?

Shadow IT

Another characteristic shared by most cloud services is that they’re much easier to procure than traditional IT. Previously, when a development team needed more storage or a new server, they would requisition it through their company’s IT department. For instance, today the development team can bypass IT and go directly to Amazon Web Services, where all that’s needed is a corporate credit card.

While this might simplify things for the development team, the ad-hoc approach makes it difficult, if not impossible, to administer a cohesive IT policy, much less an effective security model. “IT is losing control of corporate data stored in the cloud. An average of 50 percent of cloud services is deployed by departments other than corporate IT and an average of 44 percent of corporate data stored in the cloud environment is not managed or controlled by the IT department,” the study reads.

Though cloud computing undoubtedly offers enormous business value, it also adds significant IT complexity. So far, we’ve taken a largely ad-hoc approach to how we utilize cloud services, but we need to realize that robust security can’t be cobbled together piecemeal—it’s the product of a sound and comprehensive IT strategy.

There’s no question the future of IT will be marked by greater agility, but as our technology becomes faster and more advanced, so do hackers and cybercriminals. Data security in the twenty-first century demands more than a next-generation firewall—it requires developers and IT teams to develop and learn new ways of working together.

Dr. Satyendra Kaith is an adjunct professor at the School of Business and Information Technology at Purdue Global. The views expressed in this article are solely those of the author and do not represent the view of Purdue Global.


Did you find this article interesting? If so, share it!

If you are interested in other career insights, we invite you to take a look at some more articles on Purdue Global's Career Moves page.

And if you are considering an Information Technology degree we invite you to find out more about our School of Business and Information Technology and explore Purdue Global's undergraduate and graduate degree offerings. 

It is important to note that certain career paths are growing and our degrees are designed to strengthen your knowledge and prepare our students to advance their careers. But Purdue Global cannot guarantee employment or career advancement. Several factors specific to a student's or alumni's backgrounds and actions, as well as economic and job conditions, affect employment. Also, keep in mind that national long-term projections covered in articles may not reflect local and/or short-term economic or job conditions, and do not guarantee actual job growth.

It's equally important to note that the Bureau of Labor Statistics found a direct correlation between unemployment rates and educational attainment. Those in the job market with a degree are less likely to be unemployed and those with a graduate degree have the lowest unemployment rates in the market.