November 16, 2022
Cloud computing services have become an essential tool for most organizations. It’s a trend that has accelerated in recent years, with cloud-based services such as Zoom, Microsoft 365, Google Workspace, and many others becoming the collaboration and productivity tools of choice for teams working remotely.
While the cloud quickly became an essential tool, allowing businesses and employees to continue operating remotely from home, embracing the cloud can also bring additional cybersecurity risks — something that is now increasingly clear.
In the very recent past, most people connecting to the corporate network were doing so from their place of work, and thus accessing their accounts, files, and company servers from inside the four walls of the office building — protected by enterprise-grade firewalls and other security tools. The sudden expanded use of cloud applications meant that this was no longer the case — with users able to access corporate applications, documents and services from anywhere. That has brought the need for new security tools.
In our three-part series, we’ll be expounding upon the extreme importance and vital components of cloud security.
Recognizing the Dangers of Poor Cloud Security
While it brings a number of positives for workers, remote working also presents an opportunity for cyber criminals. They have quickly taken advantage of the cloud shift to attempt to break into the networks of organizations that have poorly configured cloud security. Meanwhile, corporate VPNs and cloud-based application suites have become prime targets for hackers. If not properly secured, all of these can provide cyber criminals with a simple means of accessing corporate networks. All attackers need to do is get hold of a username and password — either by stealing them via a phishing email or using brute force attacks to breach simple passwords — and they’re in.
Because the intruder is using the legitimate login credentials of someone who is already working remotely, it’s much harder to detect unauthorized access — especially considering how the rise of hybrid working has resulted in some people working different hours to what might be considered core business hours.
Attacks against cloud applications can be extremely damaging for victims, as cyber criminals could be on the network for weeks or months. Sometimes they steal large amounts of sensitive corporate information, and other times they might use cloud services as an initial entry point to lay the foundations for a ransomware attack that can lead to them both stealing data and deploying ransomware. That’s why it’s important for businesses using cloud applications to have the correct tools and practices in place to make sure that users can safely use cloud services — no matter where they’re working from — while also being able to use them efficiently.
Very Basic Cloud Security Tools
One obvious preventative step is to put strong security controls around how users log into the cloud services in the first place. Whether that’s a virtual private network (VPN), remote desktop protocol (RDP) service or an office application suite, staff should need more than their username and password to use the services. Whether it’s software-based, requiring a user to tap an alert on their smartphone, or hardware-based, requiring the user to use a secure USB key on their computer, multi-factor authentication (MFA) provides an effective line of defense against unauthorized attempts at accessing accounts.
According to Microsoft, MFA protects against 99.9% of fraudulent sign-in attempts. Not only does it block unauthorized users from automatically gaining entry to accounts, the notification sent out by the service, which asks the user if they attempted to log in, can act as an alert that someone is trying to gain access to the account. This can be used to warn the company that they could be the target of malicious hackers.
In our next blog, we’ll share more ways of keeping your cloud architecture secure. If you require assistance with your current cloud solution, or you’re ready to see how Rimstorm’s Cloud Security can help you reduce risks, pass audits, and enhance your security posture, contact us now for a free evaluation and price quote.