Cloud storage security has improved significantly over the past few years, but that doesn't mean administrators can rest easy.
Cloud storage security issues are still common, exposing enterprise data to unauthorized parties. This could potentially lead to angry customers, furious business partners, costly lawsuits and other headaches.
Below are five cloud storage security risks, and tips on how to avoid them.
1. Misconfiguration
By far, the top cloud storage security issue is misconfiguration, said David Horne, chief technologist at business management and IT consulting firm Booz Allen Hamilton, which has its headquarters in McLean, Va. Misconfigurations can result from inexperienced or uneducated engineers, overly complex resource policies or ever-changing user interfaces, he said.
Circumstances play a role, too.
"An engineer might intentionally implement an overly permissive policy while troubleshooting a new feature or addressing a production outage ... but then forget about it due to shifting priorities," Horne said.
A comprehensive cloud storage plan can minimize the risk of misconfigurations.
"First, organizations need to establish clear policies and standards that describe which services may be used, what data can be stored in them and how they should be secured," Horne said.
Train technical staff on approved cloud storage technologies and the organizational policies and standards that govern their use. Implement controls that restrict the number and type of engineers who can modify storage configurations. In addition, apply overarching account or project policies that preclude or disable high-risk configurations.
Finally, monitor cloud storage configurations with configuration management tools and audit logs, Horne said.
2. Insufficient data governance
A lack of data governance, particularly after teams complete a project, can lead to cloud storage security issues.
"For example, in many situations users create storage pools for a specific project and, when the project is completed, they simply release the storage back to the cloud provider," said Kenneth Waldrop, managing director at business management and IT consulting firm EY, headquartered in London. "The storage may still contain residual data that bad actors can exploit."
To prevent data leakage, encrypt data at rest with strict key management, Waldrop said. Also, enforce segregation of duties to limit data access, educate cloud users on data protection and use third-party data protection tools to complement whatever the cloud provider offers.
3. Poor access controls
Unauthorized third-party access to cloud files is a well-known threat that many organizations fail to adequately address.
"It's critical to ensure that data is accessed only by authorized individuals [and] that the data is accessed for legitimate reasons," said Nelson Ford, founder and principal solutions architect at Ottawa-based AWS consulting firm Pilotcore Systems.
Establish permissions based on the principle of least privilege, restricting users only to the files they need on a regular basis, Ford said. Log all file accesses and securely encrypt the files themselves.
"Using a log analysis and monitoring tool and receiving alerts on unusual activity is essential to proactive cloud storage management," Ford said.
4. Inadequate security controls
Cloud storage security issues can develop from conflicting and overly complex security controls that, in many instances, require a cloud security engineer to implement. Organizations can address this issue in two ways, according to Zach Powers, CISO at Benchling, a life sciences research and development cloud platform developer based in San Francisco.
"One option is to go with a cloud storage solution that requires [customers] to set up basic security controls -- such as AWS S3 buckets -- themselves," he said. Another choice is to use a cloud provider that agrees to shoulder the responsibility of data storage security.
5. Sketchy regulatory compliance
Compliance is a growing cloud storage security concern. Global enterprises must track and adhere to rapidly evolving and multiplying privacy and retention laws, said Santha Subramoni, global head of cybersecurity solutions at IT consulting firm Tata Consultancy Services, based in Mumbai, India. Compliance mandates vary depending on how and where organizations store data.
"Planning all aspects of data when embarking on a cloud journey is a prerequisite," Subramoni said.