Avoiding cyber-attacks with the correct cloud strategy
Avoiding cyber-attacks with the correct cloud strategy
With the recent increase in private and public cloud usage there has also been an alarming rise in the number of security risks these platforms open up. This is an obstacle for those who want to use cloud technology more intensively in their organisations. This is set to continue as cloud computing is predicted to see a growth in profits from US$ 67 billion (£50 billion) during 2015, to US$ 162 billion (£120 billion) in 2020.

The security risks that have developed in line with the increase in private and public cloud usage include threats of ‘ransomware', such as so-called trojan ransom or crypto. These vulnerabilities have intensified within the last few years. A key ‘ransomware' case was that of WannaCry within the NHS, which occurred last year. Other companies such as Uber have also recently faced similar attacks and many companies are fearing the risk of hackers gaining unauthorised access to sensitive company data or data loss, through adopting a cloud strategy. 

Avoiding costly attacks 

Research has suggested that the cost of a single ransomware attack can drain a business of more than £500,000 in funds. Not only does the business have to pay for the ransom, but also the loss of valued data, the expense of improving their infrastructure and the costly repairing of their brand image for existing and new customers. 

Businesses can avoid or reduce the scale of impact an attack has on their company if they use the correct cloud strategy when controlling their security. Technical security only works if it is accompanied by organisational and personnel measures. Despite the well-documented cases of data breaches, cloud computing is an attractive proposition for companies, as not only does it ensure security, but can reduce their costs significantly. 

Here are some suggestions that businesses should consider when adopting a managed cloud strategy and preventing attacks associated with cloud usage:

Guaranteeing strong encryption and data integrity

Some businesses use Information Security Management Systems (ISMS) which carry out relevant procedures and regulations to help prevent these attacks. Connecting distributed locations with high security and conjoined frameworks such as (Internet Protocol Security) guarantee strong encryption and data integrity in business information. 

Making sure the login to applications is secure and done via clientless credentials and not transmitted from the client to the application, avoids anyone being able to gain authentication or access to private data. If businesses also use implemented streaming technology successfully it will ensure no additional data is collected or saved. With this technology, profiles are stored, encrypted and are placed in technologically isolated storage systems. 

Making streamed target infrastructure invisible to attackers ensures that existing systems are no longer operated openly in the internet and for others to see. The IP address of the enterprise network is masked through the connection in the back end, which then makes it invisible for any external parties, especially people trying to hack into the data.

Web servers and malware 

Web servers are one of the key distributions for malware, these are loaded, undetected and activated onto local systems during user's visits to an infected website. This results in attackers accessing information from devices, using them for distribution of spam, encrypting data and demanding ransom money for decryption. Some cloud strategies will encapsulate the browser into a virtual machine and operate on a hardened guest operating system. Along with this, web filters are also used, these block infected websites and analyse loaded data, checking for any malicious codes in the system. 

Companies that offer their own solution to display websites with secure browsing also allow a better protection than standard web browsers which minimises the damage that can be caused by certain attacks. 

Along with the use of correct cloud strategy, companies can also make sure they are members of various IT Security Associations, in contact with experts and receiving daily updates regarding cyber-threats. This means that they are constantly up to date and are able to react immediately to any threats posed against them. 

Cloud computing services and cloud applications support growth in ways that IT hardware cannot, even if it is a startup with a handful of staff or a international corporation with a large headcount, the cloud seems to be way of the future for companies. It is therefore more important than ever to manage the plethora of security risks out there by selecting the correct cloud strategy. 

Contributed by Dominik Birgelen, CEO of oneclick A

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.