Egnyte in the News!
“How To Keep Data Safe In the Cloud“
“Weak servers, weak logging, weak physical security, weak counterintelligence, inattentive signal analysis.”
That’s how U.S. Army Intelligence analyst Brad Manning described the IT system of the United States Army in 2010. Manning, if you recall, also downloaded the 260,000 diplomatic cables and other classified data later made public by Wikileaks.
The Manning incident embodies some important trends in information security. For one, most data is stolen from inside of servers, not from the outside, according to the Verizon 2011 Data Breach Investigations Report. More than 80 percent (83 percent) of victims were “targets of opportunity,” and 92 percent of attacks were “not highly difficult.” Simple or intermediate controls would have prevented 96 percent of breaches.
The U.S. Army and its rogue former analyst are Hollywood-grade examples of some very common security threats. You don’t have to be high profile to make the grade for hackers. Indeed, “Small companies, which are making the leap to computerized systems and digital records, have now become hackers’ main target,” according to a recent Wall St. Journal article. Small businesses lacking the big bucks or know-how of their Corporate America compatriots become easy bait for those “not highly difficult” attacks.
How Being a Cloud Services Provider Can Help
In the world of IT security, cloud computing comes with built-in protections, a real boon for the small and medium-sized businesses (SMBs) that can’t afford to build these systems in-house. When promoting a cloud-based solution, highlight key standard protections, including:
- Multi-factor authentication. Your server should authenticate every user for their username, password and the company-specific domain customers are logging into.
- Protection against cross-site request forgery and cross-site scripting. Your server should scramble passwords, so that if a hacker opens your password database, the passwords would be indecipherable.
- High-end firewalls and routers.
- Good encryption. Web browser and desktop access should be encrypted over SSL to protect from sniffers. Data at rest should also be encrypted.
- Good physical security. That includes locked, guarded colocation facilities with strong physical access controls and video surveillance.
- Segregation of customer data by accompanying every request with tamper-proof user identity credentials, even for offline sessions.
- Proactive security measures. The system should detect and log unsuccessful login attempts for monitoring by the administrator. The cloud provider should be proactive about monitoring network activity, retaining all log files and analyzing them in real-time.
- How often do you make people change their passwords?
- How often do they have to use their passwords?
- Is there a peak in download activity by an employee?
- How often are clients connecting to your customer’s account? Which ones are connecting?
- Is your customer aware of every new client that joins the account? If not, there’s a problem.
Can you imagine how Bradley Manning might have described a failed attempt to breach the systems of the U.S. Army? “Strong servers, strong physical security, attentive audits, encryption, clear and consistent business rules.” With the right kind of cloud server, lip-synching Lady GaGa songs would have been insufficient to cover up Manning’s download of classified files. By using the right server and abiding by the right tips, you, too, can keep your data where it belongs.
*This article originally appeared in CRN on September 20, 2011.