The frequency of cyber attacks continues to increase, especially in the education, banking, health and government sectors. One reason for the rise is the transition from storing data in local databases to cloud storage, which is connected via both wired and wireless technologies. While cloud platforms present a convenient way to store large databases that contain customer, employee, financial and sales records, hackers can exploit weaknesses in cloud computing systems and obtain unauthorized access by disguising their packets as local traffic.
Hackers target not only organizations with on-premises data centers but also those with environments hosted on cloud computing platforms. Unfortunately, strong firewall rules are not sufficient to protect critical data and provide the authentication and authorization required for operational safety and security. What is needed is rigorous testing and security validation at the database and application level. It is crucial to protect data both at rest, where the data remains on a device permanently, and in transit, when the data is moved from one location or network to another.
To complicate matters, hackers use modern tools and techniques to gain unauthorized access to the data within an organization, on the internet or stored in cloud computing services. Therefore, data encryption and authentication, implementation of SSL certificates and avoiding non-SSL connections are essential. Equally important are establishing policies that restrict unintended access to environments and regularly validating identity and access management.
Realizing the benefits of encryption and authentication
Data encryption protects sensitive and private data by scrambling text data blocks into a secret code. A decryption key is required to unscramble the encryption. Different algorithms, including DES, AES and RSA, twist the data into an unreadable format, called ciphertext. The ciphertext is transmitted to the receiver with public and private decryption keys to decrypt the data. The receiver decrypts the ciphertext using both keys to turn the ciphertext into readable format.
Data authentication is a complex network communication mechanism that maintains the nonrepudiation and integrity of data. Common data authentication methods include:
- Password authentication. Users must enter a password to obtain access to the data, which keeps the data safe from unauthorized access. Complex passwords using a combination of numbers, letters and special characters are used for more secure data and to further reduce risk.
- Two-factor authentication. A one-time password (OTP) is sent to the user's mobile number or email. If it is the original user, access to the data is approved after this OTP is entered. Hackers trying to gain access will not have this OTP, which means data access is denied and the account is locked temporarily to save the data from attacks.
- Token authentication. A token is sent to the network server for authentication. The server checks the device credentials and approves or denies the authentication.
- Parity bit check. This strong and commonly used technique is also known as cyclic redundancy check (CRC) and ensures accurate data transmission. A CRC code is added to the end of the data message before transmission. At the destination point, the receiver gets the data with the CRC code and compares it to the original code. If the values are equal, the data was received correctly.
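The append-and-compare check from the last item, as an added example that is not part of the original article (Python standard library only; the key and messages are constructed sample values). It goes one step beyond the text: a CRC is unkeyed, so it catches transmission errors, while the keyed HMAC-SHA256 tag shown beside it also catches a message that was deliberately replaced.

```python
import hashlib
import hmac
import zlib

TAG_LEN = 32  # HMAC-SHA256 output size; the CRC-32 trailer is 4 bytes


def frame_with_crc(message: bytes) -> bytes:
    """Sender: append a big-endian CRC-32 of the message."""
    return message + zlib.crc32(message).to_bytes(4, "big")


def check_crc(frame: bytes) -> bool:
    """Receiver: recompute the CRC and compare it with the trailer."""
    if len(frame) < 4:
        return False
    return zlib.crc32(frame[:-4]).to_bytes(4, "big") == frame[-4:]


def frame_with_hmac(key: bytes, message: bytes) -> bytes:
    """Sender: append an HMAC-SHA256 tag computed with a shared secret key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def check_hmac(key: bytes, frame: bytes) -> bool:
    """Receiver: recompute the tag and compare in constant time."""
    if len(frame) < TAG_LEN:
        return False
    expected = hmac.new(key, frame[:-TAG_LEN], hashlib.sha256).digest()
    return hmac.compare_digest(expected, frame[-TAG_LEN:])


# Constructed sample values, not taken from the article.
KEY = b"constructed-demo-key"
ORIGINAL = b"amount=100;to=acct-1"
REPLACED = b"amount=900;to=acct-9"


def compare() -> dict:
    flip = lambda f: bytes([f[0] ^ 0x01]) + f[1:]  # one bit of line noise
    old_tag = frame_with_hmac(KEY, ORIGINAL)[-TAG_LEN:]
    return {
        "crc_detects_noise": not check_crc(flip(frame_with_crc(ORIGINAL))),
        "hmac_detects_noise": not check_hmac(KEY, flip(frame_with_hmac(KEY, ORIGINAL))),
        # Without KEY, a changed message can carry a fresh CRC but not a fresh tag.
        "crc_detects_rewrite": not check_crc(frame_with_crc(REPLACED)),
        "hmac_detects_rewrite": not check_hmac(KEY, REPLACED + old_tag),
    }
```

Where the goal is integrity against a deliberate change rather than against line noise, the keyed tag is the check to rely on.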
Secure Sockets Layer (SSL) certificates provide data encryption using specific algorithms. These certificates protect data in transmission from malicious activities and third-party software. Two types of mechanisms are used for encryption within the certificates: a public key and a private key. The public key is recognized by the server and encrypts the data. SSL keeps the data encrypted until the user finishes the communication process. The data can only be decrypted by the private key. If a hacker succeeds in capturing the data during the communication process, the encryption will render the data useless. SSL is recommended as an international standard for secure data transmission over websites.
Best practices for securing company and customer data
Organizations can employ several proven approaches to secure their data when using cloud computing. They include:
- Develop an encryption key and access management plan to ensure data is decrypted when access to data is necessary. Key management processes must be in place to prevent unauthorized disclosure of data or irretrievable loss of important data.
- Make sure encryption mechanisms comply with applicable laws and regulations. Any sharing of encrypted data, export or import of encryption products (e.g., source code, software or technology) must comply with the applicable laws and regulations of the countries involved.
- Define access levels to data. Monitor and register inappropriate access activities to reduce instances of insider threats. Delete former employees' accounts immediately upon separation from the company.
- Train all employees in handling confidential data using the latest technology and make sure they understand how the systems use this information.
The biggest cybersecurity misconception is that companies think they are completely protected from attacks because they spent millions of dollars implementing security protocols. They forget that there are always vulnerabilities that leave them open to risk, which could result in unrecoverable damage. With the advent of cloud storage, many companies were led to believe that simply moving to the cloud guarantees data protection. And while it is certainly a safe place to store a company's confidential data, it is not an impenetrable fortress. Additionally, some companies stick with older technologies without updating to newer, more secure advancements, which leaves them still vulnerable to security risks.
Companies can tap into innovative security aspects to help them mitigate security threats. Software-defined networks can provide automated security at the hardware level through routers and switches. Configuration management tools provide a convenient method to manage and automate security settings. It is time for companies investing in cloud computing systems to also invest in making their cybersecurity systems safer, more reliable and more robust against cyber attacks.
About the Author
Balaji Karumanchi is a senior software engineer at a leading cloud-based data-management company, with 12 years of experience in Agile methodologies, computer systems, enterprise applications, machine learning and data security. He has an MBA from Wake Forest University and has patent rights on a healthcare appointment application. He is certified in AWS, Azure, OCI, PMP and Python.