Pravin Kumar C. Product Manager, ManageEngine Image Credit: Supplied

Enterprises start enjoying cost savings within months of their cloud adoption. Features like guaranteed uptime, automated backups, and the ability to scale with ease have made cloud storage more lucrative. Companies are tempted to leverage cloud in all possible models such as infrastructure as a service, platform as a service, and software as a service. However, security is one caveat holding back many chief information officers from jumping on the cloud bandwagon. Here is the list of security concerns to seriously consider.

Auditing across all application tiers: Enterprises want complete control over their data and configuration changes. They need answers concerning the who, what, and when associated with these. Failed logins and traces of sensitive information in log files should also be auditable from an enterprise’s standpoint.

How secure is the cloud provider’s application programming interface (API): Cloud providers supply APIs to end users for managing their data in the cloud. APIs that accept input from users should be thoroughly tested for cross-site scripting and structured query language injections. Allowing clear-text passwords or improper authorisations could pose a serious threat to the underlying data. Individual API calls involving application transactions will serve as a potential target for hackers. Hence, any API calls to application transactions need to be logged and monitored.

Malicious insiders: Enterprises mitigate the threat of malicious insiders by following due diligence during recruitment. But while adopting cloud storage, enterprises do not have any control over the providers’ employees. Moreover, there’s no transparency in cloud providers’ hiring procedures and policies. This raises concerns for companies.

Geographic challenges: Cloud providers replicate data to multiple data centres across the globe. While enterprises could be relieved that they have mitigated the risk of natural disasters, the data is now exposed to risks such as search and seizure by local government authorities.

Account hijacking: When enterprises start moving towards the cloud, it becomes a sweet spot for the hackers. Attacks on Dropbox, Snapchat and others have raised suspicions about the reliability of cloud services. To mitigate such risks, cloud providers should follow stronger password policies and multi-factor authentication.
Who owns the data? Most cloud providers have a clause in their contract mentioning that they are sole owners of the data. This helps them to avoid legal hassles when things go wrong. It also gives a huge advantage as they can now mine the data and unlock various opportunities. The clause can be a serious threat for enterprises because the provider is entitled to use the data any way it sees fit and can even sell it to third parties.

For enterprises looking to scale, cloud storage seems to be the most plausible solution. However, the security challenges threaten to turn the cloud dark. Hence, enterprises need to exercise due diligence to find the cloud’s silver lining.