In December, SingleHop asked nearly 200 bloggers for their predictions for Cloud Computing in 2015. They published their favorite predictions in their blog and asked that the contributors share their picks with our readers.
My prediction did not make their favorite list, possibly in part because it was a prediction of a serious cloud-based problem in 2015. The Cloud has so far been a fairly safe place to play. For the past four years I have reviewed the Verizon Risk Team annual security report and various Ponemon Institute reports. While the Cloud has been involved in some serious security breaches, the Cloud was not a contributing factor: the breaches were due to companies’ failure to properly protect their networks and data. I believe that for many organizations, the additional security expertise provided by Cloud Service Providers and existing cloud management software actually makes the Cloud safer than their own data centers.
I recently reported on Websense Security Labs 2015 Security Predictions. One of their predictions nicely supports my submission to SingleHop: Sometime in 2015 one of the Cloud-based collaboration tools will be hacked and a company’s confidential and proprietary information will be stolen. Two factors are driving this prediction:
- Hackers are becoming much more targeted, going after specific companies for a specific purpose. That purpose could be financial, such as selling your information to a competitor or holding your data hostage. It could an act of hacktivism, someone who does not like what or how you do business. It could also be part of a government attack at your country’s economy.
- These collaboration sites provide a place for hackers to hide their command and control infrastructure. Your company is probably watching the places you visit in the Cloud, but will not flag traffic to and from places like Google Drive, Microsoft Office 365 or the like, especially if your company supports using those collaboration tools. The hackers do not have to deliver malware to your desktop in order to capture your information.
The last word:
Unfortunately, neither Microsoft nor Google have stellar security reputations. If your company uses collaboration services, make sure your security team is monitoring for news of successful hacks through these services. The best thing to do is to encrypt any confidential or proprietary data that your employees and contractors store in these collaboration spaces, and periodically review the cloud-based documents for violation of your encryption policy.
Keep your sense of humor.