Storing your files in cloud backup naturally comes with a number of advantages when compared to solely backing up your data and files on a local device.
However, cloud backup also comes with certain cloud-specific security concerns that you need to be aware of – and reading this guide will ensure that you are.
Cloud backup security Issues and threats
For clarity, I've attempted to distinguish between security 'issues' and security threats. This is not an official demarcation and you could class some of the threats as issues and vice versa. Many of the threats mentioned below go hand-in-hand with issues too – a data breach, for example, often happens due to a vulnerability in a system, but there is typically an attacker taking advantage of it.
In this article I am classifying threats as actual, deliberate attacks that are out of your control, so you have to protect yourself against them. 'Issues', on the other hand, are things that could potentially leave your cloud backup vulnerable, but it is in your power to change that – so we'll go through those first.
What are the biggest Cloud backup security issues?
Right from the word go, you could be giving yourself a security issue by simply entrusting a poor standard of provider to back up all your sensitive information. You need to ask questions like whether the provider you're considering has a good track record, whether it's reliable, and what its reputation is amongst current and former users. Other things to consider are whether the provider uses the most up-to-date security protocols, and whether it maintains total physical control of the virtual environment it is managing. Depending on the sensitivity of the information you are (or plan to be) backing up to the cloud, you may even want to look into things like the real-life (as opposed to online) security at the data center the cloud servers are held in.
Data can be lost – or even worse, stolen or deleted – when it's transferred to your cloud backup from a local device, when it's removed, or when it's moved between backup services. If the individuals that need access to the backup aren't fully prepared, and if there's no real plan in place to restore lost, stolen, or deleted copies securely and safely, you're setting yourself up for potentially major security issues. When you aren't prepared, mistakes happen, and when mistakes happen, your data becomes vulnerable. There are also problems with implementation in terms of the cloud provider itself and how it's set its own systems up – US Bank Capital One had their cloud operations hacked in part due to a misconfigured firewall.
As a way to keep costs down, cloud service providers often virtually separate two clients and let them store their data in the same hardware infrastructure. This means one of the best things you can do is ensure that you are securely isolated from the other tenants on the same hardware. All tenants on the same physical hardware should be segregated, and both access and authentication security measures must come into play at more than one level. Getting to grips with your provider's security standards and how they manage multiple tenants in conjunction with one another is thus essential.
Another frustrating issue that's painfully obvious yet also painfully easy to avoid is weak passwords. When you have multiple individuals accessing a cloud backup space you've paid for with different levels of permission on what they can access, strong, complex passwords are of course essential to preventing unauthorized individuals from doing the same. It goes without saying that strong, robust passwords are something that should be top of the list when it comes to securing your personal information anywhere, not just on the cloud.
If there are cloud users in your company who aren't up-to-date on the relevant cloud security and recovery protocols, then you could find yourself in hot water if disaster strikes. It's paramount that all staff/users/individuals with access are properly briefed on what to do in an emergency, for instance, or else you could end up losing reams of important information.
Sharing data and links
Many cloud storage and backup providers try to make it as easy as possible to collaborate on projects and simple links can be used to grant access to anyone who clicks them. This is, of course, a potential security issue if the links are sent to the wrong people and there's no verificatory step. It's often difficult to revoke access to just one person in possession of the link, complicating things further if it is forwarded on – intentionally or unintentionally – from an authorized user to someone who shouldn't have access. Misdirected emails cause serious problems for companies – thousands are sent to the wrong people every year – so making employees aware of this is of great importance.
What are the most common cloud backup security threats?
A data breach is a broad term that encompasses any intentional or accidental breach of a storage or backup system by someone trying to obtain the sensitive information held within. These are much more likely to occur if outdated security measures are implemented. In an intentional breach, an attacker may look to obtain unauthorized access to your cloud server for a number of reasons, especially if you work with sensitive or valuable information that would be worth their time to steal.
However, there are also plenty of examples of breaches in which poorly configured databases make information available to anyone, and they're often spotted by well-meaning members of the public who have stumbled across it while looking for something else.
Just like most people and services operating in cyberspace, those who use cloud backup services are often targeted by phishing attacks, social engineering scams, and malware. If an employee clicks a dodgy link in an email they really shouldn't have, for instance, and either a program or person manages to assume control of or infect their device, they could very well find the login credentials they need to access your cloud backup. Malicious actors may even leverage ransomware programs in an attempt to earn some money from their exploits.
A former employee with an ax to grind – and knowledge of your cloud backup system – could be a major threat to the security of the data held in your cloud backup. Not only do they know your security systems inside out, but they may also still have their old login details. Taking a nonchalant approach to updating authentication credentials is naturally not advised.
Denial of service attacks
DDoS attacks are often used to disrupt businesses that have huge online infrastructures, including cloud backup and storage. Standing for 'distributed denial of service', a DDoS attack will target a resource or a service (in this case a cloud system) by flooding the system with traffic, rendering it completely unusable for customers in the process.
Cloud backup best practices
Questions to ask yourself
before you start to configure different security measures, here are a few things you should think about:
- How sensitive is the data or information you're storing in the cloud?
- Who do I want to have access to this data?
- What is the level of technical knowledge amongst authorized users?
Keep off-site copies
It's always best to keep an off-site backup of your files that's as up-to-date as humanly possible. That way, you're not reliant on the cloud backup you've made in an absolute sense, and you can always access this if you need to.
Keep a close eye on your files
One thing that will help you mitigate potential issues is regularly checking things like your file access logs and whether the files are actually being backed up properly. This means you'll be best placed to deal with a threat as soon as it arises, but also you'll be able to see if there is any suspicious activity taking place on your server. Some cloud providers have security logging as a setting you may need to turn on and configure, but this is always advised. Utilizing a User Behavior Analytics (UBA) security solution is also useful as it can accurately flag anomalous behavior.
Know your backup schedule
Your backup schedule will likely depend on the size of your company or the purpose for which you need to use a cloud backup. If there are hundreds of backups being made every day and a number of people accessing the server, you're going to want to back up more frequently than the average cloud user. Your bandwidth and allocated space will also play a role. Knowing this schedule like the back of your hand will help you react more swiftly and recover quicker in a crisis situation where data has been compromised.
Enforce the principle of least privilege
The principle of least privilege is something you should always bear in mind when securing any network or system. The principle states, simply, that users and programs should be granted the minimal number of permissions or amount of access needed to perform their job/function and no more. By sticking to this principle, you'll decrease your chances of accidents and errors leading to data breaches, and it reduces the attack surface of your cloud network.
Turn on 2FA/MFA
The more security barriers you put up, the less likely it is that someone will be able to access what's behind them. This is the guiding principle behind two-factor authentication/multi-factor authentication. If you can add another layer allowing you even tighter control over logins and authorization, then why not do so? Most major cloud backup providers these days offer some sort of multi-factor authentication mechanism.
Encrypt your backups
Most major cloud backup providers will encrypt the information you choose to store with them, but it's always good to check which encryption ciphers or standards are being used to keep your data safe. Ideally, you'll want to be using AES-256 bit encryption, as this is the industry standard and considered the most secure encryption cipher available. Anything less introduces an element of risk you don't get with AES. It may also be a good idea to encrypt your data using your own encryption keys.
Always make sure data in transit is encrypted – encrypt your files before they reach the cloud.
Block downloads from unmanaged devices
Cloud services are designed to be accessed by multiple authorized users from a number of different devices. However, accessing the cloud and downloading documents onto an unfamiliar and unmanaged device is a potential security vulnerability. Blocking downloads from unmanaged devices can help you reduce the risk that your data will end up in the wrong hands.
Educate authorized users
The best way you can protect your cloud backup from threats and issues is to educate the users who have access, especially with regard to social engineering scams, phishing, and the like. Familiarization with an incident response process and recovery protocol is also essential.
Choosing a secure cloud backup provider
Looking for a new cloud storage provider, or want to learn more about how you can secure your backups? Then visit ProPrivacy's cloud backup and storage hub for more information, tips, and guides on how to do cloud computing the right way. You'll find detailed analyzes and evaluations of the most widely used providers.
There are also articles like our guide to cloud backups for large files, which compares and contrasts the pros and cons of the best cloud backup services currently available on the market. Head over to our article on is cloud storage secure, on the other hand, looks at how secure some of the major cloud backup providers actually are. Head over to the hub to check them out!