Many people feel that Cloud computing has been around for quite a long time, and intrusion into such technology is far from innovative. To them, it appears that instead of storing data on their own servers in a server farm, they now store their data in much larger clusters of servers in someone’s data center.
The Cloud's threats arise from the sheer scale of data that users store in the cloud and not due to any inherent weakness of the cloud technology itself. This changes the risk profile significantly and therefore it is critical that the security strategy of businesses should also change to keep pace with the evolving threats.
The astronomical quantities of data being stored in the cloud are giving rise to new kinds of threats that did not exist previously. Two major issues are involved. First, the large concentration of data in a logically single location is creating an extremely high value ‘information target’. Typical examples of such data are datasets comprising Government Health Care records, eGovernance data, and datasets belonging to large businesses and banks and so on. An attacker can obtain an enormous benefit by breaking into such a data repository. The second issue pertains to the fact that it is virtually impossible for a security administrator to know where his company data is physically located.
A corollary of the above two situations is that new types of risks are being created. We have seen this in the increasing trend of governments using their power to target other governments and corporations. With the resources that modern governments command, their teams can mount sophisticated multifactor attacks that are beyond the expectation and understanding of any business, bank or enterprise. These entities simply do not have the skills and the resources to prevent such attacks. In addition, organized crime organizations mount similar attacks.
The other issue is the increase of the very sophisticated “Stealth Cyber Attacks”. Attackers will take great pains to hide any evidence of the breach while they continue their attacks. The value of this type of attacks and the damage an attacker can cause increases exponentially with the time for which the attack stays undetected. Consequently, businesses facing well-designed attacks may never come to know of security breaches.
Faced with these realities, any company that relies on traditional methods of securing data behind a firewall and database access controls will be in for a rude shock. No attacker will advertise his presence. In fact, the most successful attacks will never be discovered. What if you are the victim of such an attack right NOW?
There is only one answer to this situation. When you are faced with a new threat, you must fight it with a new weapon. The approach to security can no longer follow a perimeter protection paradigm. You do not protect the perimeter; you protect the data. Take it as a given that the attacker will access your data. Remember the Heartbleed issue and for how long it had continued without users being aware that they were exposed?
Take it as a given that the perimeter will be breached. We need to ensure that even after the attacker breaches your perimeter defenses (firewall, IDS etc.) he finds nothing of value to steal.
Can anyone say how many Heartbleed attacks (or even more powerful ones) are underway now? No one can, but you can be sure that they are underway even as you read this.
Can anyone say how much data is being stolen right now? No one can, but you can bet that data is being stolen from some company’s networks right now.
With new data security solution in place, you can be sure that, your data is not at risk. You need to start with the assumption that the attacker will eventually be able to get access to your network or data. Working from that position, you ensure that WHEN the attacker / government / malicious insider do get access, your data is stored in a format that ensures that it is of no use to them.
Read Mitigating the risk of data breaches with-tokenization
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask
