Skip to main content

Cloud Security - You Have What You Bring

February 05, 2015

It should be no surprise that moving to the cloud is all the rage these days. After all, why wouldn’t people want it? You can replace hundreds of thousands or millions of dollars in hardware costs, maintenance and staffing with relatively cheap storage and virtualization fees and not worry about your back-end infrastructure. From a cost/benefit/productivity perspective, it is the greatest thing since specialization was introduced in assembly line manufacturing.

However, the decision to jump headfirst into the cloud should not be made so quickly. There is a cost, and it could be catastrophically high, if unintended parties gain access to your cloud data.

Ask any celebrity recently affected by the Apple Cloud hack. The breaches were a little too revealing and the long-term effects unknown.

To be clear, I am not saying don’t use the cloud. Personally, I like the cloud, but I am very careful what I put in there and do not having anything very sensitive there that is not protected. Moreover, my expectations of cloud security are very low. I expect that all of that data in there will one day be compromised. And why wouldn’t I? Seems like everything is compromised these days; it is just a matter of time until we hear about it.

Based on my experience, I am convinced that every company of significant size has already been breached and everyone’s identity has been stolen dozens of times over. But, then again, I am a bit jaded and pessimistic from doing computer forensic and incident response investigations for so many years.

As such, I recommend that you bake your own security into what you place in the cloud using a suitable DLP solution that contains DRM capabilities. Or, at least encrypting the data stored in the cloud using file-based encryption to prevent it from being any use to unintended parties. If the encrypted data is compromised, so what?! Have fun with that.

Additionally, please also read my blog about “Challenges of Computer Forensics in Cloud and Hosted Environments” for other contractual considerations that need to be made BEFORE signing on the dotted line with a cloud or hosted solution.

Related Blogs

December 19, 2013

CryptoLocker Prevention and Remediation Techniques

If you’re running Windows XP through Windows 8, chances are you've heard of CryptoLocker by now. If not, for some background, check out our previous 6...

See Details

March 05, 2015

Why do they call it DLP?

I always have to ask myself every time I hear the acronym “DLP.” Why do they call it that? There is no “prevention” in most DLP. It should be called D...

See Details

February 05, 2015

Cloud Security - You Have What You Bring

It should be no surprise that moving to the cloud is all the rage these days. After all, why wouldn’t people want it? You can replace hundreds of thou...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

September 20, 2017

Cloud Security Architecture

Learn how our experts formulate an actionable strategy with key stakeholders and help implement your cloud security program across the enterprise.

See Details

June 14, 2017

Incident Management Plan Development

We have the experience and knowledge required to help your organization develop a strong incident management plan.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.