For years, businesses — including small and medium-sized businesses (SMBs) — were hesitant to adopt cloud-based systems, particularly databases, out of fear that cloud storage was inherently less secure. The perception was that on-premises, you could protect everything behind a firewall. You would be in complete control of the hardware and software. Whereas in a cloud database, your data is just out there on someone else’s system, exposed to the world of hackers.
The reality is that data stored in the cloud is neither more nor less secure than data stored on-site. Each platform has its own set of vulnerabilities and requires careful planning and ongoing security diligence to protect the data.
For instance, it is a mistake to assume that a database located behind a firewall is safe and to allow unfettered access to the database on the local network. This approach results in a single point of failure. If a hacker breaches the firewall, then they’ve gained full access to any resources inside.
Cloud databases have their share of risks as well. I will outline some of the top risks and then provide some guidelines on how to keep your data safe.
Cloud Database Risks
1. Data Breach/Unauthorized use
One of the biggest threats to a company’s livelihood is to have private information stolen or accessed by someone who shouldn’t have access. If customers’ personal information is hacked from your systems, you could be liable for fines, lawsuits, and loss of trust. Additionally, those customers could have monetary losses due to identity theft.
2. User Accounts
If the data that has been accessed illegally is user account data, it could provide the hacker with login information that allows them to access many other systems — both yours and those of other companies — if the user reuses passwords. This could result in additional breaches, or your login data could be sold on the dark web.
3. Data Loss
Equally devastating to the theft of data is losing data completely. Whether through ransomware or simply malicious destruction, deleted records may be gone forever, particularly if you don’t have adequate backups.
Applications need a way to access the data in cloud databases. This is often accomplished using application programming interfaces (APIs). This allows multiple applications to access data in a controlled fashion. However, if the APIs have been adequately secured, they can also allow easy access to bad actors.
The first step in securing cloud databases is controlling access to data. User accounts should only be granted exactly the permissions they need and nothing more. Just as with other cloud services, technologies like multi-factor authentication (MFA) should be employed. Additionally, someone should perform regular audits of access and permissions to ensure that access is adequately controlled on an ongoing basis.
It’s a common mistake to set up network monitoring and vulnerability scanning on your local network, but then forget to include cloud systems. Be sure that you put the same level of attention to cloud database monitoring and security that you do for on-premises systems. You may have to shop around to make sure that the security software or managed services can handle cloud security.
One of the worst things that can happen to a company is to have a loss of data through disaster, ransomware, or hacking, and then to discover that it doesn’t have good backups. Some companies never recover from this scenario. Be sure that you are backing up cloud data, too.
Encryption provides a layer of security. So, even if someone gets past other safeguards, it can still be very difficult to make use of the data.
It has become very easy to write APIs for accessing cloud data. If your developers aren’t adequately trained in how to provide security layers for the APIs, then they may inadvertently expose your company’s data to undesired access. Security concerns should never be an afterthought, but rather one of the first considerations, especially when publishing APIs for cloud data.
Most cloud providers deliver some level of security, including replication and backups. However, don’t make the mistake of assuming that is all you need. Sometimes those services are only a starting point. It’s up to you to add additional security software and services to ensure adequate backups and protection of your databases.
Despite the risks, cloud databases provide many benefits that make them worth consideration. Just don’t forget to make security and backups part of the plan from the beginning as you begin to adopt cloud databases.
Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel: