Many users and companies, without the necessary IT training or resources, work with two premises when assessing the security of their data:
- «Nothing has ever happened to me, nor have I lost any data»
- «They assume that what happens to other users or companies will never happen to them»
Both premises are clearly wrong. Remember that today human capital is replaceable, data ISN’T. A company cannot lose its documents, CRM and ERP information, Virtual Machines and continue to function.
That’s compounded by data in the cloud… There is a belief that this data is secure… Nothing further from reality. It’s in the cloud…… Accessible to many and multiple threats.
Let’s start by clarifying the arc of shared responsibility, i.e. who is responsible for information and managing data security in the cloud
Major vendors such as Amazon, Google, and Microsoft have already stressed that security is a shared responsibility where they take care of what’s outside the cloud and users are largely responsible for cloud security. For more reference, read: Amazon Shared Responsibility Model, Google Cloud Platform Responsibility Matrix, Microsoft Azure Shared Responsibility Model.
If we look closely at the following figure we will clearly see that the responsibility for the data is largely in the hands of the customer himself.
Take, for example, Microsoft: Division of Responsibility
“In an on-premises datacenter, you own the entire stack. As you move to the cloud, some responsibilities are transferred to Microsoft. The following diagram shows the areas of responsibility between you and Microsoft, depending on the type of stack deployment.”
Let’s go on to detail some of the risks our data is exposed to in the cloud:
No backups of your data
Most large platforms (AWS, Microsoft, Google) do not back up your data. It’s true that they have replication mechanisms for their data centers, but that’s far from a copy. If the data is corrupted for any reason, the already corrupted data is replicated to other datacenters.
Just so it’s in the cloud doesn’t mean your data is secure
Many people assume that the defense mechanisms of large cloud infrastructures make our data secure. They certainly hinder indiscriminate access to our data by hackers or unauthorized personal, but with a simple «hacked» account and password from a local device an intruder will have access to the data in the cloud without problems.
Cloud involves sharing.
There is still no proper culture or training to manage corporate information in the cloud. Users, probably confused with so many tools(Teams, Meet, SharePoint, Drive, OneDrive… ) , tend to share information in an uncontrolled way. Access is often given to external company personnel, who without proper maintenance or supervision will have access to our environment for a time often in definite. All that decentralization of information is at odds with the security of our data.
Both Microsoft and Google have mechanisms that allow you to synchronize Cloud information with our on-premises device. This is especially dangerous in the face of the attack of computer viruses that can infect our computer: erasing, stealing or what is worse by encrypting the information that will be immediately synchronized with the one in the cloud. Cloud platforms have tools that store different versions of a document, and therefore it is possible to revert an encrypted file to the previous version. But what if that happens with hundreds of thousands of files? The recovery process may be superior to the company’s survival process.
Let’s not rule out accidental deletion by mistake or human negligence. A user can delete documents from the cloud and mistakenly empty the recycle bin… This implies a total loss of information. Let’s think not only about documents, but for example in Outlook or Gmail…. what happens if we delete an entire folder structure and accidentally empty the recycle bin? What if we perform a process of upgrading a Virtual Machine in the cloud that we do not have a copy of, and that process fails and causes the VM to become unavailable?
There are multiple applications that allow you to make backup copies. Altaro is one of them. It has solutions for virtualization and cloud environments. Even some of them are free that can serve as a backup solution for small environments.
On its website, you can see the latest news, among which we can highlight the following:
For Companies/Organizations, you can check out these free trials: