What the Cloudbleed disaster says about the state of internet security

Last month, Cloudflare, a web content delivery network, revealed that a security bug had caused sensitive data to leak from its customers’ websites.

The security bug, or Cloudbleed, was found in a part of the Cloudflare system that powered vital security features.

The Cloudbleed contamination resulted in private information leaking into the code of other web pages in the Cloudflare network. The data exposed ranged from private messages and IP addresses to cookies and passwords and was activated as early as September 2016.

Data breaches, such as the Cloudbleed leak, highlight the fact that cloud computing, when executed improperly, can make data incredibly vulnerable. If organisations use a cloud provider that doesn’t offer the highest levels of security, it can have catastrophic effects.

>See also: The security challenges with the Internet of Things

In the event that data is lost, stolen or contaminated with malicious software, it can cost businesses time, money and their reputation.

But despite these risks, cloud computing is a necessity in today’s business environment as it affords companies the flexibility, scalability and mobility they need to provide customers with the best service possible.

However, to balance security with the opportunities that cloud brings, it is vital that companies find a cloud provider that utilises security features such as data encryption, two-factor authentication and sophisticated intrusion prevention and detection software.

Two-factor authentication

As businesses develop their online presence by offering online portals or forums to customers and employees, it makes it easier for vulnerabilities in company data to be exploited.

Considering that passwords are constantly under threat from malware, it is vital that businesses opt for a cloud hosting provider that has measures in place to protect its data – should a password be compromised.

Two-factor authentication is an extra layer of security that requires users to enter both a traditional password and provide a physical security token or biometric password such as a fingerprint or retina scan.

By enforcing a second method of authentication on any online portals or company login pages, business owners can have peace of mind that their data is safe.

Data encryption

By deploying a cloud strategy, businesses can share data easily and quickly. However, it is important that critical corporate data is protected at all times, both in situ and in transit.

Encrypted data requires a specific decryption key to transform the information into readable plaintext. This means that even if data is intercepted or reaches the wrong hands – it cannot be read or exploited without the key.

>See also: The Trojan horse: 2017 cyber security trends

Data encryption gives businesses complete control over what information needs to be protected, who can view this information and how it should be accessed. This means the most vital data has the greatest level of protection at any given time – without hindering the flexibility and mobility that businesses require.

Threat awareness and vulnerability discovery

Over the last year, malware attacks have increased in both frequency and sophistication. According to research by the US government, in 2016, over 4,000 ransomware attacks were recorded on a daily basis. This represents a 300% increase in the number of daily attacks from the previous year.

In order to combat this growing issue, many companies invest money in security solutions that only create a perimeter fence around the most important data. Instead of continuously re-building these security perimeters, businesses should focus on implementing a network that can offer real-time threat awareness and continuous vulnerability discovery.

>See also: Busting the 7 myths of cyber security

To successfully provide this robust network, businesses must invest in a cloud provider that treats security as a business management problem. By using a provider that measures threat awareness at all times and operates an integrated prevention system, businesses can be certain that their data is constantly being monitored and protected against malware threats.

It is clear that data security should be a key part of any businesses IT strategy. Whether a business stores its data fully or partially in the cloud, events such as the Cloudbleed leak show just how important is it to choose a cloud provider that is trustworthy.

With data at the centre of every business decision, it should be a top priority of all organisations to invest in a cloud provider that can offer sophisticated methods of data protection and always puts data security at the top of its list.

 


Sourced by Jake Madders, director at Hyve Managed Hosting

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...