Welcome to #WeekendWisdom number 44. This week we’re going to talk about how secure the cloud is.
How Secure is the Cloud? That’s a silly question, isn’t it?
Every day millions of people all across the world store data in the cloud. Now the cloud storage providers offer great tools and features for us to be able to secure our data on their infrastructure. But who is responsible for securing our data on their infrastructure?
You … or your IT team … or your security people. But it’s not totally the cloud storage provider’s responsibility to keep that data safe. They do have some responsibility but not as much as you might expect.
Can I get a for example?
For example, lots of us use things like Dropbox and Google Drive to share data with people, including people outside of our organisations. Now, after you finish a project with somebody, if you have shared folders with them, do you go back in and revoke their access? Because if you don’t actively do so, they still have access to that data months and years later. If you continue to use that folder, they’re still getting access to up-to-date data. So you have got to review any shared folders like that and revoke access where appropriate.
Similarly, with things like Amazon S3 buckets, which I talked about three years ago: last month a security firm did an analysis and found 4,000 Amazon S3 buckets that were publicly accessible. They were very easy to get into and to find data in. A lot of these S3 buckets had secret information in them, passwords etc.
So if you use Amazon S3 buckets, please do a thorough review of their security and put passwords and other security features on them. You might also need to check whether your staff are quietly using one. You can get more details on Shadow IT here.
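As a starting point for that review, here is an added example (not part of the original post) that checks whether a bucket's settings leave it publicly accessible. It assumes you have already exported the bucket's ACL, policy and Block Public Access settings (for instance with `aws s3api get-bucket-acl`, `get-bucket-policy` and the inner `PublicAccessBlockConfiguration` object from `get-public-access-block`); the function names and sample data are made up for illustration.

```python
import json

# Grantee URIs that mean "everyone" or "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_findings(acl, policy_json, pab):
    """Return the reasons a bucket is reachable without your own credentials."""
    pab = pab or {}  # no Block Public Access configuration means all four are off
    findings = []
    # IgnorePublicAcls neutralises existing public grants; BlockPublicAcls only stops new ones.
    if not pab.get("IgnorePublicAcls", False):
        for g in acl.get("Grants", []):
            uri = g.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS:
                findings.append("ACL grants %s to %s" % (g["Permission"], uri.rsplit("/", 1)[-1]))
    # RestrictPublicBuckets cuts off anonymous use of a public policy.
    if policy_json and not pab.get("RestrictPublicBuckets", False):
        stmts = json.loads(policy_json).get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            if s.get("Effect") == "Allow" and _wildcard_principal(s.get("Principal")):
                note = " (has Condition, review manually)" if s.get("Condition") else ""
                findings.append("policy allows %s to anyone%s" % (s.get("Action"), note))
    return findings

# Constructed sample data, shaped like get-bucket-acl / get-bucket-policy output.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
LOCKED = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for label, pab in (("no Block Public Access", None), ("all four settings on", LOCKED)):
        print(label, "->", public_findings(SAMPLE_ACL, SAMPLE_POLICY, pab) or "no public exposure found")
```

Note that turning on only the two "Block" settings stops new public ACLs and policies from being added but leaves existing ones in effect, which is why the check looks at `IgnorePublicAcls` and `RestrictPublicBuckets`.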
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We can conduct an audit on your infrastructure and look for signs of Cloud Storage. When we find it, we can provide guidance on securing it appropriately.
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.