Cloud-related cyber attacks have escalated as organizations continue to adopt various forms of cloud computing. According to a recent report from CrowdStrike, cyber attacks are climbing as threat actors grow more adept at exploiting the vulnerabilities in cloud environments. CrowdStrike’s 2023 Threat Hunting Report shows an astounding 95% increase in cloud attacks.
Cloud security risks are also rising due to the wide expansion of remote work. Hybrid and remote work is largely dependent on the use of cloud-based collaboration tools, such as video conferencing and others that permit cloud-based sharing and storage of documents, content, recordings, and data – including proprietary information. Research from Dig reveals that “more than 30% of cloud data assets contain sensitive information.”
Expanding cloud environments can easily lead to cloud data sprawl and the risk of storing sensitive data in multiple places. Data is also more susceptible when it is shared between storage assets, cloud accounts and managed databases. Additional vulnerabilities occur as a result of over-permissioning access to data.
Organizations must implement robust security strategies for cloud environments, including for all third-party cloud-based tools. Vulnerabilities grow as these environments become more complex.
Potential risks increase with complex cloud storage environments
Organizations may not always be aware of how information is shared and stored by third-party tools.
All firms must be cautious about what information, data and content they are providing to third parties via cloud-based software and tools. For instance, when online meetings are conducted with many video conferencing products, information shared is sent into the cloud and stored – potentially exposing various types of data, from shared documents to meeting recordings.
Depending on the firm or industry, information at risk may include confidential intellectual property, proprietary “secret sauce” information, R&D data, M&A information, product designs, as well as financial, legal, medical, or personally identifiable information (PII).
Complex hybrid cloud or multi-cloud architectures with multiple cloud providers also increase the risks of a data breach. Multi-cloud solutions may include combinations of on-premises and public cloud storage and environments. Along with collaboration tools, business processes and popular AI tools also store information and data in the cloud.
Many vulnerabilities arise when uploading and storing customer or proprietary data to a cloud that’s controlled by a third party. Data is at risk of being compromised or stolen by hackers or other malicious actors. Information is also at risk of being accessed by unauthorized users when precautions are not adequate.
Recently, concerns have developed regarding AI-generated content, which is typically based upon customer-provided content, and is quite often kept in the cloud outside of the control of organizations. For sensitive internal communications, companies may inadvertently provide a blueprint to their own proprietary information and intellectual property to other companies, without realizing they have provided consent.
Cloud storage is also linked to more instances of shadow data. Shadow data is any company information created, stored or transmitted outside of company infrastructure or control of the firm’s IT function. When data is stored anywhere outside of the company’s view, security risks rise significantly.
Organizations must take steps to protect and secure the data that is transmitted and transferred with video collaboration and other cloud-based business tools.
Tips to protect data shared in video collaboration and document sharing tools
A cloud security strategy is an essential component of an organization’s overall cyber security strategy. But the security approach may vary depending on how each cloud provider or third-party tool is being used. According to one report, “more than 73% of companies have applications or infrastructure in the cloud. These cloud environments, operated by cloud service providers and SaaS vendors, are not a part of an organization’s network…”
Organizations can take precautions to secure their data when using collaboration or other third-party tools. Firms that routinely handle proprietary information, such as legal, financial, healthcare, or corporate, must consider a more stringent approach to safeguard customer and client data.
Some best practices for third-party cloud-based tools include:
- Apply Zero Trust principles to cloud providers or cloud storage instances. When evaluating vendors, find out if they use Zero Trust policies for their software tools.
- Choose business and collaboration tools that are secure by design and default, as per guidance from the Cybersecurity and Infrastructure Security Agency (CISA). Look for software with security built in throughout the design and development process.
- Become aware of what data is being routed to third-party tools. Use caution about what information is being shared and stored in the cloud.
- Consider using collaboration tools that do not route your data to a third party.
- Look for applications that allow your organization to control how and where data is stored, or that support private cloud storage.
- Follow principles to limit and control access to tools, data and information.
- Evaluate whether your data is affected by third-party software terms of service or licensing agreements.
Finally, organizations must create a culture that follows best practices for cloud cyber security. Ideally, firms must also constantly evaluate their cloud and other solutions for potential vulnerabilities. By choosing tools that allow complete control over data and privacy, organizations can provide additional safeguards for their systems.
About the author: Allen Drennan is co-founder of Cordoniq, Inc. When he founded Cordoniq, he brought together many of the team of senior engineers who created Nefsis (which he also founded back in 2005) and OmniJoin, as well as new talented team members, to create the next generation of truly secure, state-of-the-art video conferencing and collaboration. With Nefsis, Drennan introduced a cloud-based, video conferencing online service, cited by Frost and Sullivan as the first of its kind. Over his career Allen has designed, built and deployed large-scale SaaS solutions for real-time video and collaboration, and created new technology for mobile video user interfaces, messaging, text, voice and video communications. Some of these solutions have been recognized in Gartner’s Magic Quadrant and featured in major industry publications over the years, such as eWeek, PC Magazine, USA Today, New York Times, The Wall Street Journal, CyberDefense Magazine and more.
Edited by Erik Linask