Technology advances like the internet of things, big data and cloud-based services have generated an explosion in the number of IP connections. To keep them secure, all connections must be underpinned by basic cybersecurity measures comprising cryptographic keys and digital certificates that are tracked and protected.
When an enterprise fails to apply these basic security measures to its assets, it risks leaving whole systems vulnerable to attacks.
A 2016 report by Gemalto and the Ponemon Institute found 92% of businesses encrypt just 75% or less of their sensitive and confidential data when it is sent via the cloud. The proportion of respondents that encrypt data stored in the cloud was even lower at 40%.
Encryption in the cloud
Encryption is one of the most basic methods for securing data, however many companies make the mistake of failing to encrypt sensitive information. If they did, only authorized users with a matching key would be able to actually see private documents and information if they were to be breached.
Data stored in the cloud is often not within an organization’s control. Instead, it may rely entirely on best security practices by third parties. Unfortunately, with third parties it is almost impossible to guarantee that best practices will be applied. Trends like shadow IT are increasingly putting organizations at risk. According to Gartner, one-third of security breaches will come in through shadow IT services by 2020. Also known as bring your own app (BYOA) or bring your own cloud (BYOC), shadow IT is in direct conflict with enterprise data security.
The growth of bring your own device (BYOD) in the workplace means employees may be tempted to use their own cloud-based apps to store or share customer data with colleagues. The result may leave sensitive company data vulnerable with only the strength of an employee’s password to protect it.
Virtual private networks
A simple way to protect data stored in the cloud is with encryption using a VPN tunnel. A VPN enables remote off-site employees to create an encrypted, end-to-end connection with their company network and transfer data securely regardless of their location or the application they are using.
In summary, failure by cloud providers, enterprises and employees to implement basic security measures when handling sensitive cloud-based data is a major contributing factor behind many of the high-profile breaches reported in the media.
With more employers allowing employees to use their own cloud-based apps at work, the risk of sensitive data being leaked is set to increase. Using a VPN will keep company data private and secure whenever it is transferred to and from the cloud.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.