With 96% of companies reporting insufficient security for sensitive cloud data, security issues about cloud computing can’t remain an afterthought.
The rise of cloud storage has enabled much of the rapid digital transformation people have experienced since the onset of the pandemic. Forecasts project that today’s $83.41 billion global market will explode to $376.37 billion by 2029.
While cloud storage opens many opportunities to streamline processes and productivity, we must also keep in mind the arduous risks it poses.
These risks are less about the technology and more about the associated behaviors. As the number of services that integrate with these cloud drives increases, so does the potential for security breaches.
Likewise, as remote work has become commonplace, many security leaders have voiced concerns about a spike in unsafe habits, such as saving files in both personal and business clouds without permission or oversight.
Carelessness like this may mistakenly allow unauthorized access to strategic information by malicious actors, for example.
With cloud storage already tied so intimately to our personal and professional computing habits, it’s essential to take the cyber security risks seriously and have guidelines about using these services with company data.
The Cyber Security Risks of Cloud Storage
Cloud storage providers have grown their businesses based on their security measures. Most, if not all, popular cloud storage services have robust measures in place regarding their servers. And depending on the package level or storage capacity, many merchants bolster their solution with strong encryption options.
But while these services are secure, they don’t provide failsafe protection against classic attacks like phishing attempts.
In addition to traditional credential phishing, hackers now leverage the cloud to deploy fake third-party cloud apps, tricking users into granting access to their actual corporate cloud data and resources.
These attacks are relatively new, and experts expect they will increase over time.
As with many modern cyber security risks, the real danger lies in the interconnectivity of the technology world, and a significant potential vulnerability for cloud services comes through APIs (Application Programming Interfaces).
APIs allow different applications to interface and communicate with each other across a network. In many ways, the security of your cloud is only as good as the security of the APIs you approved for access.
Third-party APIs are ubiquitous and present a vast attack surface. One compromised API could give a hacker a backdoor into your system through that “trusted” interface and overtake your entire tech ecosystem.
Recent research from Netskope highlights the risks of API security for cloud services.
On average, end-users in organizations of at least 500 users granted more than 440 third-party applications access to their Google data and applications. A single organization had an astounding 12,300 different plugins accessing its cloud. And 44% of all third-party APIs accessing Google Drive had access to sensitive or all data on a user’s account.
File-based malware also presents a significant risk for cloud computing. The file-syncing functions of cloud storage make it easy for teams to collaborate on projects across different devices and make systems vulnerable to infected files.
Cloud storage providers usually sync files from local folders on your computer with files stored in the cloud. Downloading a malicious file to your local device can unwittingly provide access to your company cloud, where the file can infect the whole network.
Using an attack technique called “ransomcloud,” cyber criminals can lock up data and cloud-based applications and demand a ransom from an organization to restore access.
Guidelines for Safe Cloud Storage Use
Personal and corporate cloud storage usage will only increase in the coming years, so you must implement a plan or regularly remind your users of the following measures:
Pick a cloud storage service
To keep things manageable and secure, ensure that all your users only use one personal cloud storage service you control. No matter the service you select, stand your ground with your users and ensure everyone uses the one you chose.
Phishing attempts are constantly evolving and changing. Personal cloud drives are becoming an increasingly popular target. Remind your users regularly that they shouldn’t click on links from unknown senders, even if it’s a Google Drive or Dropbox link.
Enabling two-factor authentication is an excellent way to prevent unauthorized connections. It’s a good way to protect yourself against users who still don’t have great passwords in place, and it’s also a safeguard against credentials revealed through phishing attacks.
Thousands of third-party apps connect to personal cloud data storage services. While the services have suitable cyber security measures, the apps often come from smaller companies that might not have the same standards. Thankfully, all personal cloud data storage platforms have admin options that offer protection against insecure apps.
Information classification and data loss prevention
Establish information classification and labeling policies and guidelines and inform users of their responsibilities to handle data appropriately. For more advanced protection mechanisms, implement data loss prevention technology for strategic and other sensitive data.
Comparing the Leading Personal Cloud Data Storage Services
There are four major players in the cloud storage space: Google Drive, Dropbox, Microsoft’s OneDrive, and Apple’s iCloud.
Even if you’ve already selected a service at your company, it’s crucial to stay up to date with all of them so you can be aware of potential risks if your users subscribe to a different service at home.
Google is the leading player in the personal cloud data storage game. Many users are already familiar with the platform because it has a popular free version and integrates well with other services.
The fact that Google Drive is a part of the larger Google ecosystem is both a blessing and a curse. It’s easy for users to work and collaborate using this platform. However, a Google Drive breach can give cyber criminals access to email and even let them hijack a user’s Android phone.
Dropbox is the company that introduced most people to the concept of personal cloud storage. They have since expanded their offering by introducing Dropbox Paper, a supercharged version of Google Docs that allows all types of collaboration.
Dropbox used to focus entirely on the consumer side of the business. Still, they’ve executed a shift towards enterprise customers in recent years, and their admin features might surprise you.
Everyone with a Windows license has a OneDrive account by default. It’s likely to be very familiar to most of your users and integrates extremely well with Microsoft Office software and several other third-party apps.
OneDrive boasts the most robust security options of all the major players. It also has many admin options that you can customize to meet your needs. Unlike iCloud and Google, a breach will likely only affect a user’s computer, so it’s easier to manage the ecosystem’s impact.
Like OneDrive, anyone with an Apple phone or computer has an iCloud account synced to their ID. iCloud doesn’t have as many options for back-end control but has almost no third-party app connections available.
iCloud also has the same major pitfall as Google Drive, where an iCloud breach can easily lead to control over a user’s phone.
Let your users do their part
While cloud data storage is usually a safe option, it’s important not to get complacent. With the growth of remote work and people interacting with multiple cloud services over unsecured networks, some of the most significant risks to cloud computing come from user behavior.
Managing these risks starts with having robust guidelines for cloud security. Now more than ever, cyber security relies on effective education more than technology.
Cyber Security Hub: Access Exclusive Cyber Security Content
To learn more about phishing, social engineering, and how to defend yourself against these and other cyber threats, visit the free Cyber Security Hub—your knowledge center for cyber security awareness.