Subscribe to the Zog Blog

Subscribe to the Zog Blog to get news Delivered straight to Your box!

Newsletter Signup

Think the Cloud is safer for your business? Think again!

Think the Cloud is safer for your business? Think again!

One of the first things business owners all over the Philadelphia metro tell me when we perform eye-opening security roadmap assessments is “We’re in the cloud. We’re safe, right?”

While I wish the cloud was as safe as we all believe, the problem is it’s not really much safer than hosting your servers on site—especially if you or your IT team isn’t investing serious time and energy making sure you’re safe from the next ransomware attack.

One of the biggest problems with the cloud is that most folks don’t quite understand what the cloud is and why it might not be the completely safe solution they’ve imagined. And when many business owners buy into the cloud concept, what they fail to understand is that the cloud is only as safe as you make it.

What exactly is the cloud?

When a tech company tells you that your data is in the cloud, it isn’t in fluffy white things in the sky and the wind definitely isn’t blowing it around. The cloud refers to software and services that run on the internet instead of locally in your office. Essentially you and your users are connecting to a remote server somewhere rather than connecting locally to a server in your office.

Why folks choose the cloud?

Having a cloud-based platform does have many advantages—especially when it comes to accessing information from anywhere on multiple computers or devices. Your data, software and services are essentially working on a remote server, which means you don’t necessarily need to have expensive high-end machines to get the job done (the server is handling a lot of this leg work for you). It also means you can pick up your work where you left off outside of your office and that you can more easily share your files and collaborate with colleagues.

Are there any risks to the cloud?

When you don’t have an internet connection, you may be locking yourself out of your cloud-based programs. And if there are any technical issues with your server, you might be locked out from accessing needed data as well. As with any server or computer, if a disaster happens—including cybersecurity—you might be left helpless wondering when business will go back to some assemblance of normalcy.

The cloud is just as vulnerable to cyberattacks as anything else

Just like your computers on your local network, cloud-based servers are vulnerable hacking and cyberattacks if not well-protected. Ransomware infections, data leaks and hacks are not unheard of in cloud environments.

With growing popularity and demand for ‘work from anywhere’ solutions, criminals are seeing cloud environments as perfect targets to exploit. And what makes targeting simple is that servers are servers. It doesn’t matter whether your server is in the cloud or in your office. The software running on that server will be the same, the environment will be the same and the security vulnerabilities are all exactly the same.

If your cloud server isn’t being maintained well—not having patches applied timely, not being backed up in case of a disaster, or giving access to sensitive data to those on your team that shouldn’t really have that much access, you may be just as much a sitting duck as if your server were sitting in your office!

And even worse—if your team feels like the cloud is completely safe and accesses it from less secure places—say, the local coffee shop or mall, where the network connection is by no means secure—you may be risking more than you’d bargained for in having a work from anywhere solution.

Now, don’t get me wrong, the cloud has revolutionized how we all do business, and has certainly made work a lot easier to get done. I am an advocate for business cloud solutions. But what I want to caution is that you really need to make sure you understand that the cloud solution you select could have serious implications on your business security.

If your cloud provider does not maintain its network—keeping software updated and patched, firewalls monitoring traffic and detecting and preventing malicious traffic from hitting your cloud server— you may be putting your business data at risk!

If you’re not inspecting your cloud hosting carefully, how do you know that your business’ data won’t get infected because another business hosted by your provider got a ransomware infection?

Even electronic medical record (EMR) providers have been getting attacked with ransomware. These are cloud-providers that store hospital and doctor’s office healthcare records—companies that you’d have expected to have top of the line security systems in place to prevent any sort of cybercrime.

The reality is that many cloud providers overlook standard preventative maintenance and monitoring because they are simply too busy. Too focused on other things to really keep your data secure.

How can your IT Support make sure that your cloud system is safe?

Check up on patches—I’ve discussed patching before. While for Zog clients, patching is just part of the day-to-day protection that prevents becoming the next victim to ransomware, for many IT Support teams, patching is out of what may fall into their routine. Most often, these teams—whether they are internal staff or outsourced IT Support solutions—are too inundated with user questions, issues and fires to really give them the time to dedicate to making sure servers and workstations are being patched.

As you now understand, cloud servers are pretty much the same exact thing as a server in your office—they use the same software, all of which have the same vulnerability issues as if you could physically touching the machine. The bigger problem with cloud servers is out of sight out of mind.

Monitor traffic on your cloud servers—like you would on your local network, your IT team should be evaluating and understanding what typical traffic looks like across your cloud-based platforms. The more you understand about what looks like routine traffic, the more able you will be able to detect suspicious activity before it becomes a real problem.

Protect your cloud solution with modern firewalls—along with your local network having protection from modern firewalls which can learn what ‘bad traffic’ looks like (by where it’s coming from or what it is doing when it gets on your network), so too you should expect to have a firewall protecting your cloud server—so that you can protect your hosted data as carefully as you would if it were simply on your network.

Backing up your critical data—yes, backups are critical—even in the cloud. If your server dies or gets infected with a virus, you need that ASAP. Just because your data is in the cloud, doesn’t mean your IT Support has it all backed up. Make sure your team is backing up your data regardless of it being in the cloud or in your office and expect that they test your backups regularly (I’d recommend at least doing a monthly test restore process) to make sure in the event something happened, that there is actually data to recover from in your backups. You’d be surprised that nearly half of companies that need to use their backup end up not being able to recover the data they needed because their IT Support ‘thought’ their backups were working, but only found out they weren’t when they really needed it.

Do everything as if your server were in your office—if nothing else resonates, make sure this last piece of advice does. As long as your team is taking all of the same precautions as if they were working on servers or workstations in your local office (doing all of the aforementioned recommendations), they should be keeping your cloud environment safe from cybercrime. Make sure your IT Support treats your cloud environment as they would your local network. If they keep all of your ducks in a row in the cloud, you certainly won’t be a low hanging fruit for cyberattacks and ransomware.

Is your cloud data safe? Contact Us TODAY for a free security assessment!

Leave a Comment

Your email address will not be published. Required fields are marked *