It’s fair to say this technology has become ubiquitous in recent years, with the global cloud storage market projected to grow from USD 50.1 billion in 2020 to USD 137.3 billion by 2025. As a result, many laptops have minimal onboard storage because of the ease and accessibility of cloud storage. With more and more data being stored on third-party services, ensuring it’s secure can become a daunting task.
The risk posed by these services is less in the technology itself but with the behaviors associated with them. Companies in the field of cloud storage are well aware that security is paramount. However, as the number of services that integrate with these cloud drives increases, so does the potential for security breaches.
Cloud storage is loved for its convenience, but this benefit can also lead to carelessness. For example, users may mistakenly allow unauthorized access to strategic information if they don’t understand the platform well. With cloud storage being intimately tied with the rest of their ecosystem, it’s important to take these risks seriously and have guidelines in place surrounding the use of these services with company data.
The Cyber Security Risks of Cloud Storage
Companies that offer cloud storage services have been able to grow their business on the back of their security measures. All popular cloud storage services have robust measures in place when it comes to their servers. They also offer strong encryption options to their users.
While these services are secure, they don’t provide failsafe protection from phishing attempts. Cloud credentials have become a prime target for phishing, with 59% of respondents in a recent survey from Oracle said their organization was a target of such an attack in 2020.
But what if the same features of cloud storage could lead to exploits?
From phishing attempts via email to downloading malicious software because of file version security flaw, there are many potential risks when it comes to cloud storage. And with more and more employees working from home, the line between personal and professional cloud storage might be blurred.
As with many modern cyber security risks, the real danger lies in the interconnectivity of the technology world. Not only does cloud storage often contain personal information and even pictures of ID documents, but these services are also often connected to email, web apps, and more. A single breach can rapidly overtake a user’s entire tech ecosystem.
Guidelines for Safe Cloud Storage Use
Personal and corporate cloud storage usage will only increase in the coming years, so you must put in place a plan or remind your users regularly of the following measures:
Pick a cloud storage service
The easiest way to keep things manageable and secure is to ensure that all your users are only using one personal cloud storage service that you have control over. No matter the service you end up selecting, stand your ground with your users and make sure everyone uses the one you chose.
Phishing awareness
Phishing attempts are constantly evolving and changing. Personal cloud drives are becoming an increasingly popular target. Remind your users regularly that they shouldn’t click on links from unknown senders, even if it’s a Google Drive or Dropbox link.
Two-factor authentication
Enabling two-factor authentication is an excellent way to prevent unauthorized connections. It’s a good way to protect yourself against your users who still don’t have great passwords in place, but it’s also a safeguard against credentials revealed through phishing attacks.
Third-party apps
Thousands of third-party apps connect to personal cloud data storage services. While the services themselves have suitable cyber security measures, the apps are often smaller companies that might not have the same standards. Thankfully, all personal cloud data storage platforms have admin options that restrict the apps that are linked.
Information classification and data loss prevention
Establish information classification and labelling policies and guidelines and inform users of their responsibilities to properly handle data. For more advanced protection mechanisms, implement data loss prevention technology for strategic and other sensitive data.
Comparing the Leading Personal Cloud Data Storage Services
There are four major players in the space: Google Drive, Dropbox, Apple’s iCloud, and Microsoft’s OneDrive. Even if you’ve already selected a service at your company, it’s crucial to stay up to date with all of them so you can be aware of potential risks if your users use a different one at home. In fact, in a recent survey by technology review platform GoodFirms, more than half the respondents reported using at least three different storage services regularly.
Google Drive
Google is the leading player in the personal cloud data storage game. Many users are already very familiar with the platform because it has a popular free version and integrates very well with other services.
The fact that Google Drive is a part of the larger Google ecosystem is a blessing and a curse. It’s easy for users to work and collaborate using this platform. However, a Google Drive breach can lead to email access and even takeover of a user’s phone if they use an Android device.
Dropbox
Dropbox is the company that introduced most people to the concept of personal cloud storage. They have since expanded their offering by introducing Dropbox Paper, a supercharged version of Google Docs that allows all types of collaboration.
Dropbox used to be entirely focused on the consumer side of the business. Still, they’ve executed a shift towards enterprise customers in recent years, and their admin features might surprise you.
iCloud
Anyone who owns an Apple phone or computer has an iCloud account by default. iCloud doesn’t have as many options for back-end control, but has almost no 3rd party app connections available.
iCloud also has the same major pitfall as Google Drive. An iCloud breach can very easily lead to control over a user’s phone.
OneDrive
Just like with iCloud, everyone with a Windows license has a OneDrive account by default. It’s likely to be very familiar to most of your users, and it integrates extremely well with Microsoft’s Office software, as well as several other third-party apps.
It boasts the most robust security options of all the major players and has many admin options to tailor it to your needs. Unlike iCloud and Google, the ecosystem impact is likely to be limited to a user’s computer that you could easily control in the event of a breach.
Recap
The Cybersecurity and Infrastructure Agency in the US recently published a memo concerning cloud data storage. However, it wasn’t targeting the tech companies offering these services. Instead, it warned workplaces about “poor cyber hygiene practices.
The trend here is clear: cloud data storage is a safe option. The real risk comes from user behavior. Thankfully, these can easily be fixed by putting in place a robust set of guidelines for cloud security. Now more than ever, cyber security goes through education more than technology.
Cyber Security Hub: Access Exclusive Cyber Security Content
Take advantage of our free Cyber Security Hub – it is your one-stop cyber security awareness and knowledge center with one-click access to our COVID-19 Kit, Work From Home Kit, Password Kit, Phishing Kit and more.