Organizational security is sort of like a boat – all it really takes is one leak to sink you. And as we move forward into an era of mobility and distributed computing, the number of locations said leak can originate increases exponentially. But you already know, that, right?
You’re already aware of all the risks represented by mobile devices, of the security nightmare that is the Internet of Things, and of the constant war between security and convenience.
What you might not be aware of is that the cloud represents a risk for your business, as well – though perhaps not for the reasons you think. Consider: according to Cloudlock CTO and Co-Founder Ron Zalkind, the average organization has over 540 unique, user-enabled, third-party, 0Auth-connected cloud applications active within their IT environment. These apps all have potentially massive access scopes.
You see where I’m going with this, right? Any one of the cloud apps within your business could open the door to malware. And that’s only the tip of the iceberg – just as enterprises are using the cloud for better overall efficiency, the criminal underworld is turning to up their game.
“Cybercriminals are creating, in essence, a malware-as-a-service industry built on the same premises that legitimate organizations use to move the the cloud: increased speed and agility, economies of scale, security, and infinite computing power,” explains Zalkind. “Cloud malware isn’t a new threat, but exists outside the enterprise network, beyond the firewall. Cybercriminals know this, and leverage various sophisticated tactics to gain access.”
Malware-as-a-service isn’t the only threat, either. A study released by Georgia Tech in November revealed that as many as 10% of cloud repositories may be infected with malware. The components in these repositories sit idle and undetectable by traditional scanning methods until the moment of attack. At that point, they’re assembled into malicious software, and set to work doing whatever task the developer designed them for.
And yet the possibility that one’s business might wind up infested with a virus via the cloud is often overlooked by security experts.
That needs to change – and you can be the beginning of that change within your organization. You need to make yourself aware of the fact that unsecured cloud apps could serve as a point of entry for an attacker, or that they could themselves end up infested with malware. You need to start using new tools to scan for cloud-embedded viruses.
And more importantly, you need to ensure that if you’re hosting with a company that offers cloud services, those services are both secure and well-maintained.
I don’t expect you to stop using the cloud. That would be like telling someone they shouldn’t drive because they might get into a car accident. Rather, my goal here is simply to offer you a warning: your cloud is only as secure as you make it.
Bear that truth in mind, and you should be just fine.