A lot of businesses are beginning to use cloud-based options to store customer data, either as their primary method or as a backup. As with all new technologies, particularly those used to store sensitive personal or financial data, hackers will look to exploit any security vulnerabilities they can find.
Furthermore, cloud storage has already been subjected to a number of high-profile attacks in recent years. Therefore, in this article, David Midgley, Head of Operations at payment gateway and merchant services provider Total Processing, examines why businesses have increasingly begun to use cloud storage options, the issues that have made cloud storage vulnerable to attacks, and how to make cloud storage more secure going forward.
Growing internet penetration and affordable data packs has meant consumer-focused businesses have boomed in the last 10 years.
For example, services like Just Eat and hungryhouse can be used to order a takeaway, and all of the big supermarkets now let you order your groceries online, while Amazon can now be used to order almost anything! Most of these services now also have apps to make such transactions even easier for the consumer, too. This has had the effect of making consumers increasingly comfortable with making financial transactions online. In fact, I would argue that consumers now expect the ease and convenience of making financial transactions in this way to the point that they would stop using services that don’t offer such an experience. However, the public should be wary of handing over their financial details so easily.
More and more businesses have embraced the cloud to store data, and this includes customer data. This data can often be of a sensitive nature, be it financial information, such as bank account details, or the sort of personal information that can be used for identity theft. However, some businesses don’t seem to understand the implications of using such a method for storing customer data.
While the cloud has opened up new frontiers in terms of storage, access, flexibility, and productivity, it’s also opened up a new world of security concerns, as hackers and other malicious parties, now have more avenues to steal what can be very valuable data. As businesses and individuals begin to use the cloud for storage purposes more and more, this also means there is more data to target too. Therefore, more data to target plus there now being more arenas for hackers to search for security weaknesses adds up to an increasing number of opportunities for hackers to gain access to sensitive information.
Therefore, without wanting to state the obvious, it is vitally important that businesses processing and storing customer information do everything they can to make sure it is secure and safe from those with sinister motives.
Unfortunately, though, this is not always the case. Many businesses tend to neglect the Payment Card Industry (PCI) security standards, which of course can lead to problems later down the line. Furthermore, according to many reports, as many as 70% of businesses neglect implementing a rigid IT security plan and don’t maintain a reasonable level of security practice and procedure. Whether this is due to the cost of putting the systems in place or the time cost of implementing the correct practices and procedures, I find this very worrying as someone working in the fintech sector given that the number of people making online transactions continues to rise.
When considering cloud storage systems, these concerns are valid, too, as it has to be remembered that there have been a number of high profile attacks in recent years. For example, the attack on Apple’s iCloud platform in 2014 was a large data breach that compromised the personal photographs of many high-profile figures, causing them a lot of distress. Furthermore, in July 2015, a group calling themselves The Impact Team claimed to have stolen the personal details of all 37 million users of the site Ashley Madison from their cloud-based servers. The following month, two large data dumps then occurred using BitTorrent and the darknet browser Tor. This, in turn, led to a number of extortionists targeting those whose personal details were included in the data dumps.
It appears on both occasions that all of this information was taken by a single hack, too. Regardless of if you think the celebrities were silly for storing such intimate photos on Apple’s central server or what you may think of the users of Ashley Madison, the consequences of companies’ data storage systems being compromised are real and can have a terrible effect on the lives of those affected. Furthermore, everyone affected by those hacks had a reasonable expectation that their personal photographs or personal information would remain both private and secure. Therefore, while user data has been compromised, the trust placed in Apple and Avid Life Media, the company behind AshleyMadison.com, has also been compromised, and this may be one of the reasons why the sales of iPhones have declined in the last couple of years.
It should be remembered though that hackers will attack by whichever route they can find a security weakness. Therefore, it is not necessarily true that cloud storage has made businesses more vulnerable to hacking. It may simply be that such high-profile attacks have made cloud storage systems more of a target for hackers as they now know there are vulnerabilities to be exploited.
It also appears that hackers are targeting long-standing, established businesses. Therefore, it may be that the reason why there have been a number of high-profile attacks against cloud systems in recent years, be it against Ashley Madison last summer or against Sony in November 2014, is because well-known companies have been expanding into the cloud and the remediation, fixes, patches and robust security measures needed to secure such large data sets have lagged behind.
Therefore, I would say that online security needs to be a top priority for all businesses. The good news is that it’s not difficult either. As a start, all companies, whether big or small, need to keep all their security software up-to-date. Furthermore, they need to make sure privacy and spam settings are rigid, and finally, they need to implement two-stage authentication like 2FA (2-Factor Authentication; Password and SMS) in order to access confidential or sensitive information.
While some users may grumble about the necessity and extra time needed to complete a 2FA process, I’m sure they would understand given what the consequences can be.
David Midgley is Head of Operations at Total Processing. Prior to this, he spent nine years working for HSBC from 2004 and also spent two and a half years at Axcess Merchant Services before taking up his current role at Total Processing in February 2016. David can be found on Twitter @DavidMidgley4
Subscribe to Data Informed for the latest information and news on big data and analytics for the enterprise.