The cloud is a very secure way to store, manage and transfer data, but it isn’t immune to all of the threats every computer system is at risk of falling victim to.
The cloud is vulnerable to hacks, hardware failure, natural disaster, human error and even sabotage.
In this post, I discuss the pros and cons of the cloud, why you should keep using it even if it isn’t always secure, and how to use it safely.
Is the Cloud Secure?
Yes, the cloud is generally very secure, even more secure than traditional storage solutions due to security protocols like encryption and multi-factor authentication.
But it isn’t completely secure. No storage solution is.
Image Credit: Brett Sayles on Pexels
To understand how cloud security works, you need to understand how the cloud works in general and how it differs from traditional storage solutions.
“The cloud” is a name given to a server system that’s powered by a large collection of servers. A single system might have hundreds or even thousands of storage drives.
The system is designed to work as one collective server (“the cloud”) that can draw on resources from any individual server in the system as necessary.
To put it simply, when you store something in the cloud, you’re still storing it on a physical storage drive. The difference is that drive is part of a large collection of storage servers that are housed in what’s called a “data center.”
Screenshot Source: Switch
How Do Cloud Providers Secure Cloud Servers?
You might be wondering how cloud storage is more secure than traditional storage even though it’s always connected to a network.
It comes down to the multiple layers of security cloud providers use in order to keep hackers and bad actors from accessing your data.
Here are some of the security methods cloud providers use to secure cloud servers:
- Encryption
- Network firewall
- Virtual private network (VPN)
- Identity and access management (IAM)
- Backups
Some of these methods must be configured by customers themselves. In fact, Amazon Web Services (AWS) operates on a “shared responsibility” security agreement in which Amazon agrees to secure the cloud infrastructure a customer’s data is stored in and the customer agrees to configure all of the security options AWS offers in order to secure their data.
To be more specific, most cloud providers offer data encryption that protects data when it’s at rest or in transit.
Screenshot Source: Cryptii
AWS allows you to encrypt your data while it’s stored in S3 Buckets or database tables and keeps that data encrypted when you move it to a new location in your network.
Data encryption is an important security layer because it protects your data even when hackers gain access to your network.
Encryption works by converting data from plaintext into ciphertext so it can’t be read. This works for video and audio files as well.
You encrypt files with keys, which are codes that must be entered in order to access encrypted files. AWS offers this feature through their Key Management System (KMS).
Network Firewalls and Other Security Methods
Like I said, encryption is an important security method because it protects data even when it’s accessed. But what other security methods do cloud providers offer?
One of them is a network firewall. AWS’ firewall allows you to control access through granular rules, block threats automatically based on rules created and managed by Amazon Threat Intelligence, and enable geo-based IP filtering.
VPNs allow you to establish encrypted connections when you and your employees access cloud resources from remote offices.
Identity and access management (IAM) is also very important.
IAM allows you to control who has access to what on a cloud network by forcing users to log in with a two-factor authentication (2FA, also known as “multi-factor authentication” (MFA)) method and assigning user roles to each account.
For instance, with AWS’ IAM roles feature, you can control which features and network locations your users have access to. This allows you to give enough permission to a user that lets them access files but enough restriction that prevents them making drastic changes or behaving unethically.
Finally, cloud providers create and store numerous copies of your data in the cloud in case anything happens to the original versions of your files.
List of Secure Cloud Providers
Screenshot Source: AWS
These are popular cloud providers that offer a lot, if not all, of the features I mentioned above:
- AWS
- Microsoft Azure
- Google Cloud Platform
Use one of these solutions if all you need is cloud storage:
- Google Drive
- Microsoft OneDrive
- Dropbox
- iCloud
Related: Microsoft Azure vs AWS: How to Choose the Right Cloud Platform
How Can You Keep Your Data Safe in the Cloud?
There are a number of things you can do yourself to keep your data safe in the cloud, some of which I’ve already mentioned:
- Choose a cloud provider carefully
- Keep the email account associated with the account you use to access your cloud servers secure. Use a computer-generated password and MFA
- Use a secure password for accounts you use to access cloud networks
- Use MFA for accounts you use to access cloud networks
- Enable encryption
- Configure access controls properly
- Enable a firewall for your network
- Use VPNs when accessing your cloud network from remote locations
- Check on cloud backups regularly to ensure they’re working properly
- Teach employees how to access the cloud securely
- Decide if certain files are too sensitive to store in the cloud
- Monitor logs for suspicious activity
- Remove user accounts and permissions for employees who no longer work with you
- Use dedicated work devices, and never use them for personal use
- Develop an incident response plan
- Perform security audits on a routine basis
Performing each of these actions will keep your data safer.
Related: The Ultimate Guide to Safe Cloud Storage
Alternatives to Cloud Storage
These are common alternatives to cloud storage:
- Local storage – For files stored on the device you need to access them on, such as a computer
- External hard drives – Physical storage devices you transfer files to. Also includes flash drives, CD-ROMs and floppy disks
- NAS – Stands for network attached storage. It’s a storage system you keep on the premises. Every device on your local network can access it
- Dedicated server – Still internet accessible, but instead of being connected to a cloud infrastructure, your data is kept on a singular server
Screenshot Source: Synology
There are advantages and disadvantages to each of these solutions. As far as security goes, many of them are prone to the same security threats the cloud is prone to, including hacks and malware infections.
External hard drives aren’t constantly connected to the internet, but they are at risk of falling victim to sabotage and physical theft.
It’s highly recommended that you use multiple storage solutions, including the cloud.
Frequently Asked Questions
Can the cloud be hacked?
Yes. Every computer system that’s connected to the internet can be hacked. This includes cloud systems.
It’s not easy due to the layers of security cloud providers use, but there’s always a possibility of a hacker finding a vulnerability and exploiting it.
This is especially possible if your cloud provider doesn’t have a good reputation for security as user error is at the heart of many data breaches.
What is the biggest risk with the cloud?
The biggest risk with storing data in the cloud is misconfiguring IAM settings.
Identity and access management (IAM) is a collection of settings most cloud providers offer that allows you to control how users log into their accounts as well as which users have access to what in your network.
Many data breaches and network outages are the result of user error.
By forcing users to log in with multi-factor authentication and ensuring the majority of your employees cannot access key settings in your network, you mitigate a lot of the risks that come with using the cloud.
Is my data safe in the cloud?
Yes, your data is very safe in the cloud. In fact, cloud storage is a lot more secure than traditional storage solutions due to features like data encryption and multi-factor authentication.
However, it’s important to remember that your data isn’t unattainable in the cloud and that the majority of cloud security is dependent on how well you secure your account and configure your network.
Can anyone access my data?
No. As long as your data is encrypted, only individuals who have an encryption key for that data can access it.
This includes AWS, but AWS’ data privacy policy states, “We do not access or use your content for any purpose without your agreement. We do not use your content or derive information from it for marketing or advertising purposes.”
Apple’s iCloud data security policy states, “End-to-end encrypted data can be decrypted only on your trusted devices where you’re signed in to your Apple Account. No one else can access your end-to-end encrypted data — not even Apple — and this data remains secure even in the case of a data breach in the cloud. If you lose access to your account, only you can recover this data, using your device passcode or password, recovery contact, or recovery key.”
Microsoft Azure’s data privacy policy says its agreement extends to authorized contractors they hire, stating, “We process your data only with your agreement, and when we have your agreement, we use your data to provide only the services you have chosen. These agreements apply equally to subcontractors (or, subprocessors) that Microsoft authorizes and hires to perform work that may require access to your data: they can perform only the functions that Microsoft has hired them to provide, and they are bound by the same contractual privacy commitments that Microsoft makes to you.”
What should you not store in the cloud?
- Passwords and PINs
- Personal details
- Financial information
- Legal documents
- Medical records
- Private files
- Intellectual property
Files that contain sensitive or private information or imagery should never be stored in the cloud. This includes documents that contain your social security number and payment information as well as intimate files.
Files that contain intellectual property should also not be stored in the cloud, especially if that property is stored in its entirety.
