Every data breach is a reminder that it is your responsibility as a company not to let your guard down or you will end up becoming another data breach statistic. However, we have all been dealt the same hand with the unforeseen movement to working from home because of covid-19.
Working remotely and in the cloud is a first for many businesses across the UK, which has resulted in issues with security and data protection.
If you work in a public cloud environment and have either experienced a data breach or are concerned for the security of your company’s data, then stick around.
The Causes of a Data Breach
In February 2021, there were an astounding 2.3 billions records breached, mainly caused after a ransomware attack against the cloud service provider Accellion. This breach affected businesses on a global scale, including companies in the UK such as Foxtons Estate Agency, Oxford University covid-19 laboratory, Scottish Borders Council and NurseryCam.
Attacks like ransomware occur on a daily basis, in which it is estimated that a business will fall victim to an attack every 14 seconds. That means that your business could fall victim to an attack any second now (literally)!
Data breaches are not just the result of cyber attacks, like ransomware. Some of the other causes of a data breach are:
- Weak and stolen credentials
- Malware
- Application vulnerabilities
- Employee negligence
- Social engineering (e.g. phishing emails and pretexting).
Installing a simple anti-virus software isn’t enough to stop a data breach, especially with the level of sophistication and knowledge of hackers nowadays. Hence why businesses turn to a managed cloud provider.
The difference between a Private Cloud and a Public Cloud
A private cloud is used exclusively by one business or organisation, in which it can either be physically located at your organisations on-site data centre or it can be hosted by a third-party service provider. The private cloud users have the cloud to themselves, in which the services and infrastructure are always maintained on a private network and the hardware and software are dedicated solely to your organisation.
A public cloud is offered to multiple customers by a cloud provider, in which it runs on remote servers, in which the customers access those services over the Internet. This means that multiple, usually unrelated customers share the same computing resources (CPU, storage, memory etc.), which are hidden from other cloud customers using the same public server.
Whether you are in a public or private cloud, working in the cloud in general is advantageous to your business no matter what, especially if you are moving from an on-premises system.
Want to know more about why you should move to the cloud? Check out our blog about moving to the cloud when it is time for a server upgrade:
https://citadel.tech/2021/03/19/i-want-to-move-to-the-cloud/
If you have experience or are currently working in a public cloud environment, then you will know that a public cloud enables companies to cut down IT operation costs and a decrease in server management in-house. And whilst many cloud service providers will have the resources to implement stronger security measures, there are several risks that business owners need to understand in order to protect their organisations and mitigate these risks.
Lack of Security
With multiple companies sharing a public cloud, as shown in the graphic above, there may sometimes be multiple companies using the same physical server at the same time. This is called multitenancy.
Even though the risk is small, multitenancy could lead to a data leakage. If there is even one flaw in the infrastructure, then this could make the entire environment vulnerable. This could lead to another tenant (user) or a hacker having access to all data or they could assume the identity of another customer.
Lack of Business Continuity
You may not be aware but storing your data in a public cloud does not mean that your data is protected completely, especially when it comes to backups and disaster recovery. Even though some providers say that there are redundancies in place in the event of a disaster, it has been made aware that many systems have been down for hours, like with the incident with Google in 2015 in which client data was lost.
Another example of a more recent incident is with Hackney Council. Last year, Hackney Borough Council were victim to a suspected ransomware attack, which made some of their key services unavailable. It was suspected that their IT systems would be offline for months, in which the Mayor revealed it is likely to cost them roughly £10 million.
Without backups and built-in business continuity, the risk of an attack bringing your business offline and losing customer data, like with Hackney Council, are high.
Lack of Ownership and Control
It may come as a surprise, but it is often the case where the customer is not the only owner of the data stored in a public cloud. Many public cloud providers have clauses in their SLAs that explicitly state that the data stored is the provider’s – not the customer’s.
Therefore, if the cloud provider were to shut down, they could sell on their customer’s data as part of their assets to the next buyer.
Furthermore, this multi-tenant environment means that the cloud managed cloud provider owns the hardware and software, enabling them to make changes (low-level changes or big changes) at their choosing, without consulting their customers beforehand. As a customer, your business will have little to no control over which methods are used for authorisation, authentication and access control processes.
Protection in a Private Cloud
In a private cloud environment, it can make life easier for your company by giving you the choice to customise your resources to meet specific IT requirements. Private cloud, like the ones used at Citadel Technology, are often used by medium to large-sized organisations seeking enhanced control over their environment.
With a private cloud, your business will have:
- More flexibility: customisable cloud environment to meet your business needs
- More control: company resources remain internal and are not shared with other businesses
- More scalability: more scalability (users, storage, applications) compared to an on-premises infrastructure, so that your system can grow with your business.
Don’t be a sitting duck
Long story short, working in a public cloud may be the most suitable option for your business, and it definitely isn’t a poor choice. But we do think that a private cloud offers more security, control and flexibility over your work environment.
With the direction that cyber security is heading and the increase in sophisticated cyber attacks, especially since the start of the pandemic, moving to a private cloud is something that you should consider.
Secure your future
At Citadel Technology, we create a hosted desktop for our customers in a private cloud environment, with data stored in data centres across the UK. We have extensive security measures in place, with daily backups and built-in business continuity (just in case disaster ever strikes!) to ensure the safety of your business data.
As your managed cloud service provider, we would see ourselves as your IT partner, assisting you with daily tasks and enabling your business to just work.
Moreover, if you have experienced your business in a public environment before, then our private cloud environment offers further security with our 24/7 monitoring, regular patch updates and protection from something that we like to call the Citadel Bubble.
You can find out all about that here:
https://citadel.tech/2021/02/22/citadel-bubble-cyber-security/
If you are interested, fill out our form to speak with a member of our team to see how we can help your business.
Written by Andy Hughes – Director of Citadel Technology & Partner of Synergy Technology.
With over 27 years’ experience in the IT industry, Andy has always had a passion for delivering service and solutions, with a focus on providing an excellent client experience.
Having worked as the Head of IT at Manchester City Football Club (as part of an outsourced contract with Synergy Technology), Andy has knowledge and experience with the delivery, management and support of IT systems and user experience.
‘What makes Citadel Technology unique in my opinion is the way we deliver our product, by partnering with our clients, enabling us to understand what they want and how they work’. – Andy Hughes.