Are you afraid in the
‘Cyberspace: the final frontier. These are the voyages of the data from your Enterprise. It’s a new kind of mission: to explore new solutions, to seek out savings and to boldly do what no one else has done before… to send your data to the cloud!’
If you need only a cheap solution for your not-so-sensitive data, the bargain bin option is good enough. If you really want to jump into the cloud, look deeper and spend a bit more. But is that enough? From basement-dwelling amateur hackers to professional criminal organizations, cybercriminals of every kind are trying to get in. Once in, it’s all over: they can see absolutely everything. But how do they get in?
The weakest, and I mean WEAKEST, point of failure is password-related, closely followed by Wi-Fi (but since we’re talking large scale here, let’s forget the Wi-Fi). In my 15 years of geekdom experience, I can tell you that the least secure password is often the most powerful one: the administrator’s.
Within a 5-year period, you’ve probably had at least 2 people with admin privileges who left the company. Was the password changed? Nah, they’re cool – they won’t do anything. In another 5 years, that number might reach 4-6 people who know the same password and who have also left the company. Why not change it? It’s too complicated; there are a lot of processes that use this account, and blah, blah, blah. (Ok: take a break to call your admin… Done? Ok, let’s continue!)
While shipping your data to the cloud, you keep the same password while the transition is in progress. Once done, you still keep it just in case… And by the next week, you’ve completely forgotten about it.
Do you really want to give access to your goldmine: your customer base, billing and financial info? CAN the cloud be secured? Yes, but you need a damn good checklist! Most cloud services have very poor protection and security rules. Most of them use virtualization to save on space, power, etc. But a misconfigured network can easily give your neighbor access to your machines, and let him have a sneak peek (or an all-he-can-eat buffet).
Encryption is the key – even locally where your host/provider shouldn’t have access to your data (but never say never).
Many businesses don’t pay enough attention to these low-level details and instead spend too much money on high-level security, until they get infiltrated. This affects not only businesses, but government data too.
And the password issue is only one of the reasons why you should fear the cloud.