Cloud security is also known as cloud computing security, which involves a broad set of technologies, applications, and other associated infrastructure that protects virtualized IP and network security. This basically shields data and any other information in a computer network from external attacks and more broadly, malware. In fact, there are vulnerabilities when it comes to information passed along technological companies/Saas companies where unauthorized data can leak or encounter disruptions particularly in cloud systems as well as traditional IT devices.
Most people are already informed about cloud computing and its numerous benefits. However, they find it hard to wrap their heads over a resource that is only classifiable as being somewhere between a physical server and intangible internet resources. Cloud computing is considered a high dynamic environment which is constantly evolving in many ways. It is so dynamic that even the security threats consistently evolve and take up many dimensions which can be viruses, bugs, and worms that disrupt an IT system’s functionality. Experts insist that IT security is identical to cloud security and if you understand the specific differences between the two, then you cannot connect the concept of security risk with the ‘cloud’ anymore.
So What Is Cloud Security Really About?
There is a myriad of questions surrounding cloud security. A cloud is hosted on a server which is supposed to be secure to prevent third parties from accessing unauthorized data. So, whether a server is within the confines of your home, or rather, if you have some confidential data on your tax consultants server, then you might ask yourself which among this is the best option? Is a server really safe in your house or is it better to have a large organization such as a tax consultancy firm keep your data. In homes, there is always a greater risk of accidents such as water spillage, fire, or lightning especially in a household with poor earthing, all of which can physically damage a server.
These are common household incidents whose risk can otherwise be minimized particularly if the server belongs to say, a tax consultant with hundreds of clients. This means that the physical size of the server is much bigger than the one serving a single household in your home. Since the concept of cloud computing revolves around data, you might ask yourself whether the tax consultancy firm might outsource maintenance to a third party who might pry on your confidential data. Some organizations do not necessarily own a server, but rather, they pay a fee which enables them to lease the use of the resource.
To better understand the dynamics of cloud computing and its relationship with servers, here are some key characteristics:
- It is about physical access to the servers
- It is primarily about safe access to the backed up data on the cloud
On A Private Network
A small clothing shop, for instance, would be comfortable backing up sales receipts on a flash drive or a laptop. An audit firm with 3,000 global clients needs to own or use a server which can both handle and prevent the loss of large volumes of data that can otherwise crash smaller computer systems. You have to consider that an organization of this size might even have its own computer network that can only be accessed by authorized personnel such as junior staff and senior partners. With a laptop or a hard drive, you can move around with data and access it from other devices from various locations even without an internet connection.
There are recorded timesheets that list the user ID to verify that only authorized staff members have accessed the system over a certain duration of time. In case of a breach, the support staff can use project time tracking methods to know when the threat attacked the system, and if anyone with a user ID might have played a part in the attack.
On The Cloud
There is, however, a different dynamic when it comes to using the cloud. Some of its characteristics include:
- There are special prevention systems in case of thunderstorms, lightning, water spillage, or fire among other disasters
- The servers are equipped with back-up systems, UPS and N+1 (or greater redundancy)
- A 24-hour qualified technical support ensures that the servers are online throughout, with extensive project time tracking
- There are security guards manning the servers 24 hours a day, 7 days a week throughout the year to ensure that third parties cannot siphon data physically using wired connections
- There are safety devices that control and keep heat and humidity in the cages where the servers are housed and maintain them at an optimum level to prevent any form of malfunction which can cause loss of data.
Other characteristics include monitoring software that can automatically detect and alert the 24-hour support personnel about any impending danger. Such software also tabulates and records real-time data that can enable the support staff to guarantee that the servers are operating smoothly. In other instances, any irregularities might limit access in order to prevent malware attacks and initiate manual control that allows the maintenance personnel to exclusively restrict access to networks that seem risky.
Network Access To Servers
A single cloud environment can be interconnected with many networks which in some situations is a risk in its own way. It is because this makes it much easier for the bulk traffic to bypass traditional defenses. A cloud can handle voluminous data that can make it extremely difficult to screen and isolate potential threats. This is considering that there might be weak identity and user role management where personnel with authorized access put the cloud at risk of account hijacking unknowingly. In other instances it might just be Unsafe Application Programming Interfaces also known as (APIs) plus malicious insiders can also pose data threats to the system. It is why a data-centric approach is recommended for preventing unauthorized access.
Apart from timesheets, time tracking app can also be used. We at Zistemo utilize the Equinix data center in Geneva, Switzerland with access to the Cern CIXP while for backup services, we use the Zurich data center.
These data centers are among the best especially when you consider their certifications. They own the following certifications: ISO 9001, ISO 27001, PCI DSS, SOC 2 Type II, SOC 1 Type II, SSAE16/ISAE3402.
The physical security imposed on the server’s location already means that the cloud has some reassuring degree of safety. It is the servers which are considered to be a risk because of the network access that involves a large volume of data flowing through them from the cloud. At first glance, it seems that people outside the network edge have no access to the server which makes them more secure compared to the cloud. However, third-party companies doing service maintenance can actually pose a higher risk if not the various trojans sent via email.
There have been instances where the servers were attacked and caused widespread panic because these attacks risked paralyzing vital services. For instance, the WannaCry attack in May 2017. where a ransom was demanded on the Deutsche Bahn scoreboards by the hackers. They shut down hospitals by infiltrating private and internal networks that were fitted with outdated operating systems.
This was an eye-opener that enabled people to understand that a network is only as secure as the system updates. Frequent updates to the security system as well as the Operating system in general monitor each and every event and scan all the traffic which includes emails. Most security updates in recent times have discouraged people from using an RSA encryption data transfer from a computer browser which is used alongside the outdated server systems that use the SHA-256 algorithm.
People are encouraged to keep their passwords private and to always ensure that they are unique. Using the same password across most apps and on weak and unsecured internet services make it easier for hackers and third parties to do a lot of damage. A single hack can make it easier for other less skilled hackers to gain access because a first-time hack makes the password visible. Here you can find out whether your password or email has been pwned
The most common way of securing a password is to use two-factor authentication. It is not enough to key-in the correct password and the two-factor authentication sends a verification code to either your phone number or just a secure email that you have provided. So, if a hacker has your password, they still need to receive the verification code on their phone to confirm the login. If they cannot key in the verification code within a stipulated duration of time, then access is denied, and the login process has to be repeated. It also goes without saying that cloud applications require strong passwords which might be a mixture of words, symbols, and numerals.
At Zistemo, we store your data only in Switzerland which is in line with our privacy policies. When using a cloud, it is essential to know where the data is stored. Some cloud services might impose cheaper charges albeit with less stringent security measures. Our company Zistemo fully supports the European Unions GDPR (General Data Protection Regulation) policy which is strengthening the data integrity of cloud users. Our company, is, however, governed by the Swiss FADP (Federal Act On Data Protection) which is considered on the same level as GDPR.
A major advantage of the Swiss FADP over the Eu’s GDPR is that while the GDPR only applies to individuals, the FADP applies to both legal persons ie. organizations and companies, as well as individuals. So, whether you are just an individual or you have stored your company data with us, you are sure that any of this data cannot be accessed in Switzerland without your express consent. We, however, just offer our service to companies.
Data can easily be manipulated because of unauthorized access by third parties. It also should be noted that it is possible for legal systems in some jurisdictions to grant access to servers for purposes of investigation. One reason why we at Zistemo stand out is that we are based in Switzerland where the corruption index is 85 points which rank the country at position 3. This is verifiable data courtesy ofransparency.org.
It is advisable to avoid services which are based in countries with less than 71 points. The U.S.A. is ranked at position 22 with 71 points and it is among the most recommended only because there are some cloud alternatives which are not so common in other parts of the world. Some services do not indicate where the data is stored and it is impossible to even know the whereabouts of the backup since it is not stipulated even in the mirrored databases.
The ranking system might not be quite an important factor when you consider countries based within the EU because of the GDPR policy. However, in countries like Cuba which has a higher index than Greece and it is still considered safer to use their cloud infrastructure because of the strict GDPR policy. Our Swiss FADP policy is even much more assuring because it prevents both legal and illegal pathways that might enable third-parties to access private data.
Summary On Cloud Security
There is a two-factor authentication plus we mirror our database almost in real time between Geneva and Zurich and our strict data access rule that ensures only a limited number of our staff can access the database minimizes the risk of access by a third-party.
As a conclusion
Choose the right SaaS provider who takes maximum care about:
- the right data centers in the right locations
- committed to a backup system or database mirroring to different data centers in the case of a disaster
- SHA-256 with RSA encryption
- Access monitoring (what happens when you insert many wrong passwords, ReCaptcha to avoid robot attacks, etc)
- ..and you have to make sure
- A strong and unique password
- on important and secret data use two-factor authentication
we at zistemo
- we use only high-security swiss datacenters for our database, storages, and backups.
- we’re 100% committed to GDPR and we treat your company data same as the individual data Running under the Swiss Federal Act on Data Protection (FADP)
- with us, you are always able to export your data
- We mirror our database almost in real time between Zurich and Geneva
- Every 3 hours we run a backup.
- We use SHA-256 with RSA encryption on all data transfers
- We monitor and react on unusual access tries on the API and Application
- We offer two-factor authentication
- We have strict HR rules about client data access, only limited people have access to the database.
- Truly believe in the power of cloud security!