Cloud Security Issues and Solutions by Buffalo

By Tim Li, technical writer, Buffalo Americas, Inc.

Modern businesses run on data, and secure data access is more essential than ever.

Data servers can be difficult to access for remote employees, which is why cloud storage can eliminate these issues by allowing instant, secure access to your data from anywhere. However, data security is widely considered lacking for cloud services, and this includes a range of risks and vulnerabilities that you may not have considered. For example, Verizon’s 2019 Data Breach Investigations Report identified that usage errors and mis-configurations contributed to at least a quarter of unauthorized intrusions. Before considering implementing cloud services for your business, make sure you are aware of the issues you may have to tackle.

Lack of visibility
When you use a cloud service provider (CSP) to leverage cloud storage for your business, you are entrusting a third party to maintain a great deal of your IT infrastructure. Every complex system, IT or otherwise, will have its vulnerabilities, and utilizing a third-party CSP means you will be blind to a majority of the CSP’s system vulnerabilities. It stands to reason that if you aren’t aware of a part of a network or cloud and its possible attack surfaces, you can’t prevent or detect an attack that occurs there.

For multi-tenancy environments, one of the drawbacks of a non-centralized storage repository is that you may have reduced visibility into where data is actually stored in the cloud, leading to data security issues. For example, your CSP may automatically store all versions of a file you are updating, and copies of the file may live in various servers across various data centers unbeknownst to you. Different CSP will also have their own file deletion policies, and if you are not careful, you could end up creating ‘zombie’ data – files that you thought were deleted but actually weren’t. If you cannot verify that your data was securely deleted, you cannot ensure that old data is not available to threat actors. Worse, depending on your industry and location, having zombie data floating around may put you in violation of industry compliance regulations.

Added IT complexity
Although moving to the cloud means there are less physical assets and devices to manage, this can actually introduce additional complexity into your IT infrastructure. Instead of overseeing just the on-premises operations, your IT staff must now contend with integrating and maintaining cloud data and assets. Depending on your CSP, you will need to configure the level of access and encryption needed for your business, neither of which will be simple when it comes to the cloud. From a remote access point of view, your employees will need to be able to securely access, exchange, and update data from a range of locations. To migrate to the cloud, you will need to work closely with your CSP and figure out whether you have the resources to meet these metrics.

No matter the industry or the size of your business, asset management will always affect productivity. Maintaining assets in a confined workspace is one thing, but when you move data across a global network of nodes and devices outside of a single physical office, it will require a new level of management awareness. One of the known security issues of cloud services is the fact that many cloud assets are short-lived in comparison to traditional physical IT assets such as servers and computers, which can be connected to a network for years. The flurry of fleeting cloud assets make it difficult to keep track of everything that is connected to a network over time, leaving security gaps that threat actors will be keen to exploit.

The tools and services needed to monitor cloud services infrastructure can vary across different CSPs, and having to adjust your policies and technology when implementing cloud will further add to the complexity. These issues will all contribute towards potential security gaps and human error occurrences in IT infrastructure.

Inadequate backup and recovery
Many businesses, especially SMB, don’t mitigate their data loss risks properly when it comes to cloud storage. Even though you might be managing less physical devices, data loss can still just as easily occur with cloud storage, due to well-known factors such as human error, natural disasters, and hardware failure. All hardware comes with an expiration date – drives fail and servers deteriorate. The threat of data failure should be even more carefully scrutinized as you work with a CSP, especially if you consider SLA that guarantees certain data availability or uptime thresholds. If your CSP doesn’t offer satisfactory data recovery, you might have to designate additional resources towards backup and recovery.

The other side of the coin to consider is that cloud services will offer just as many threats and risks for data loss as on-premise systems. For example, businesses that utilize cloud storage to enable remote work often don’t provide adequate backup or recovery options for the remote employee’s device. If the device suffers a cyber attack or otherwise fails, recovering this data can be very difficult, and will come down to how well the employee has backed up their data. Or if the employee uploads encrypted data to the cloud but ends up losing the encryption key, then the data is essentially lost forever. Because cloud storage also offers less visibility to your IT infrastructure, it is just as easy to simply lose data due to factors outside your control, such as the misunderstanding a CSP’s storage model, the CSP suddenly changing service offerings or even going bankrupt. To mitigate such risks, it is best that you avoid fully migrating to the cloud until you have carefully determined whether cloud services are the best fit for you.

Unauthorized access
The most vulnerable part of cloud services is their APIs, which is the set of interfaces businesses use to access and manage their assets and users. Like any other OS, they can contain the same software vulnerabilities that threat actors can exploit for unauthorized access. Because these APIs are accessible over Internet, they are exposed to a variety of cyber threats that seek to infiltrate the API and access an organization’s cloud assets. Worse yet, attackers can use the compromised data to go after a business and its customers, leading to potentially large-scale data loss.

Other than a cloud service’s API, the applications you run on the cloud environment can also be compromised. This is an especially easy attack surface to miss for many businesses, as even a rigorous regimen of firewalls, port monitoring, and anti-viruses will do next to nothing if the attack originates from code running from within your development environment. The recent Capital One data breach, one of the largest data breaches in history, was carried out with the attacker exploiting a mis-configured firewall.

Another complication that can arise from multi-tenancy is that the attack surface is vastly increased as tenant separation can be difficult to maintain. If tenant separation controls fail, this allows an attacker that infiltrated one organization’s assets to easily gain access to another organization’s resources or data. This compromises the security of the cloud and your data.

User security issues
Cloud services can enable more efficient remote work, but it also brings its own host of user errors that can occur, leading to data security issues. Working onsite means you are working behind a secure layer of various protection protocols. Your IT team works hard to maintain updates, blocks spam, run antivirus scans, etc., and your business is likely operating under secure policies and technical controls to further keep your data safe. But once you are removed from this environment, it is almost impossible to keep track of the precautions you will need to undertake.

For example, remote employees may sometimes use applications and resources without the IT department’s knowledge; if they are unaware of this, it is impossible for them to take any security precautions. This issue can be compounded when the remote employee uses the same device for both work and personal use, which exposes business data to security vulnerabilities that may be present in personal files (and vice versa). If an employee’s device becomes compromised due to a phishing attack from a private message or personal email, the business data is lost along with it.

Other than security issues, file errors are just as likely to occur with cloud storage, with more pronounced online activity of encrypting, exchanging, and updating files. Data can be uploaded to the wrong server, easily overwritten, or otherwise become lost. If employees are not trained in cloud security practices, or if they are not working from within a secure environment, data loss can happen just as easily as with a physical server, only you may not have the benefit of being immediately aware.

Secure remote data access solutions
Before implementing any cloud services, you should do considerable research into your CSP and their security features. Not all CSPs offer the same level of security, and some may not have sufficient security measures to meet your needs (or compliance regulations). Before using any cloud services, talk to your IT department about creating a comprehensive data security plan that protects vs. cyberthreats and data loss, as well as technologies including multi-factor authentication (MFA), firewalls, and other endpoint security technologies to enable secure remote work.

To harness the benefits of cloud storage while leveraging its security weaknesses, Buffalo recommends implementing a hybrid cloud structure. Hybrid cloud is an environment that merges a third-party public cloud with your company’s on-premises private cloud over a WAN into a single data infrastructure for your business for your applications, operations, and storage. A hybrid cloud offers a flexible blend of public cloud for cost savings while still maintaining the security of keeping sensitive business data on-premise devices, and is considered a ‘best of both worlds’ solution for modern businesses.

For an effortless hybrid cloud solution, NovaStor’s cloud solutions integrate cloud storage directly into the NovaBACKUP application for an hybrid backup. You can continue to use all the scheduling, configurations, and processes that you are used to, but hosted in the cloud for additional safety.

You can create your own perfect hybrid cloud that’s tailored to your needs using Buffalo’s NAS devices. This allows you to mitigate the various cloud storage security issues while enjoying the broad cost benefits of public cloud. For a hybrid cloud solution, NovaStor’s cloud solutions integrate cloud storage directly into the NovaBACKUP application (included in the TeraStation NAS) for an hybrid backup. You can continue to use all the scheduling, configurations, and processes that you are used to, but hosted in the cloud for additional safety.

The company’s NAS solutions with Remote Management Service also allow to remotely manage IT assets while ensuring that remote employees are working securely and within security compliance regulations. Along with our 24/7 customer service and data recovery service, the firm is here to help you achieve data security while providing the storage and backup you need.

Read also:
Buffalo 2-Bay TeraStation 5010 NAS Replaced With Partially Populated 4-Bay TeraStation 5010
To fulfill storage needs of small businesses and users
July 2, 2020 | Press Release
From Buffalo Americas, Partially-Populated 4-Bay Rackmount TeraStation 6000 NAS+Snapshot Series
VMware-ready file server and iSCSI NAS solution from 8TB to 32TB
June 3, 2020 | Press Release
By Buffalo, Populated NAS, Enclosures and Data Security
Why app stores and transcoding might impress reviewers but not IT experts?
May 22, 2020 | Press Release