Are phishing attacks on cloud data preventable?
Wednesday, September 17, 2014/
Today one of the greatest threats to your data in the cloud is phishing attacks that collect your staff username and password.
Once an attacker has this data, they can make use of a simple login and abuse and collect methods to damage or harvest information. There is no doubt that this sort of malicious activity can be entirely detrimental to the quality and control of your data.
Certainly, manipulated data can be recovered from an archive or backup if the manipulation is noticed. The cloud service provider can alert you if a new login location or device is detected, but they cannot entirely stop this sort of attack.
This means we need to find other ways to protect the data at rest on these cloud services so that the hacker armed with your staff login credentials is not given carte blanche to read and download corporate information.
Part of the solution is an encryption gateway product such as Vaultive for the Microsoft stack. An encryption gateway adds a layer of protection to data leaving your controlled network so that the data in use, in transit and at rest is encrypted with 256-bit encryption to stop would-be attackers or other agencies from viewing the data.
This also protects you from the staff of the cloud service provider and any other agency that legitimately gains access to the administrative rights of the server. Unless the data travels back via the encryption gateway and is unencrypted using your corporate encryption key it cannot be read.
The important feature of this sort of device is that your organisation generates the encryption key and stores it in your own safe storage. It is not a service provided by the cloud service provider, so they do not hold a key and do not have a back door to your data. You can also control which devices and how those devices access your encryption gateway, so now you are in control of your data.
Of course, once the devices are set up to use the gateway your staff do not even need to know that their data is encrypted. So long as they are recognised by the gateway it will not have any impact on them.
When the hackers hit your cloud provider it will be great to know that yours is the data they could not read.
If you wish to destroy data that is in backup or in archive it is as simple as destroying the encryption key that data was encrypted with, so managing keys by date or by organisational unit gives more granular control of when data is made unavailable. Key rotation becomes your best line of defence.
There are many factors driving organisations to make use of cloud solutions, with a key one being cost of deployment, so there is a degree of inevitability that your organisational data will progress to the cloud.
It is no wonder that encryption gateway products are becoming one of the hottest security products in the marketplace today.
Analysts are suggesting that there are many components to remaining safe in the cloud, from identity management tools to device management tools and on to biometric logon and others. Encryption gateways are just part of the story that is now unfolding to resolve the overhanging issue of cloud security. If you are not sure what solutions you require for your organisation, seek assistance before your organisation hits the press as having the latest breached system.
David Markus is the founder of Combo – the IT services company that is known for solving business problems with IT. How can we help?
LinkedIn engagement pods: Silver bullet or desperate ploy? Sue Parker DARE Group founder
Own it: The 10 things you need to do to manage your personal brand Lisa Stephenson Who Am I Projects founder
How to call your team into action with a winning presentation Emma Bannister Presentation Studio founder
The link between diet and mental health — and how to eat your way to wellbeing Kate Save Be Fit Food co-founder
From interactive videos to AI: The five marketing trends that will dominate 2019 Warwick Boulter Collaboro co-founder
Australia is leading the legaltech revolution, but what does this mean for lawyers, firms and clients? Jodie Baker Xakia founder
Why a video news release needs to be part of your PR strategy Leisa Goddard Adoni Media managing director
Want to catch more customers? Here's how to create a super sales funnel Jovana Vujnic Bumper Leads founder