Experts caution firms on public cloud on data security

Information and communications technology experts have urged organisations using public cloud to feel personally responsible for the data they take to the public Cloud irrespective of the security policies the cloud provider must have put in-place.

“They should consider using data encryption technologies, multiple level of authentication, enforce strong password policy and ensure that a backup system is provided. It is important that organizations and individuals who consume cloud services ensure they are constantly studying and following cyber security trends to enable them to adjust according to new security realities,” they said.

This is coming against the backdrop of recent Sophos state of cloud security 2020 report, which says that 43 per cent of organisations in Nigeria on public cloud have been hit by Malware also 57 per cent of Nigerian organizations are with public cloud data exposed in the last year. This is highest globally according to the report.

The report revealed that 46 per cent of Nigerian organisations with cloud account credentials stolen in the last year.

Obinna Adumike, chief technology officer, Cloud Exchange West Africa, advised organisations and individuals when creating cloud accounts, as a matter of importance to design a security policy that ensures that each cloud platform has a unique and independent credential and avoid reusing credentials.

“Password policy that uses Alphanumeric and special characters are very important with not less than 8 characters depending on the security level required. Also ensuring that such credentials are not saved or cached by browsers, applications and cloud services is very essential,” he noted.

Responding to the report on Nigeria Remi Adejumo, chief executive officer, Cloud Flex, said that 90 per cent of Nigerian presence on the public cloud is with the hyperscalers – AWS /Azure.

“70 per cent of incidents are insider jobs. Security is 50/50 between the public cloud and the customer. And we are protected against each other. Majority of Security breaches are achieved through phishing or malware but it is independent of the public cloud edge security. Also the use of a VPN protects the link between the customer and the public cloud,” he said.

Adejumon further explained that the cloud platform is a software virtualisation of physical hardware. “It allows the virtualised platform to achieve a degree of granularity that would be uneconomical or ridiculously expensive in a physical environment.

“Security concerns associated with the Cloud is shared by the cloud provider and the customer. The provider must ensure that the infrastructure is secured, and the customer ensures that the data and applications are secured,” he stated.

Cloud computing has been described as the greatest game changer since the creation of the internet and is one of the fastest growing areas of technology today.

According to him, “the annual spend on Cloud computing is expected to triple in the next two years. It can be simply defined as renting time on a computing infrastructure over the internet, rather than building your own from the ground up. In a way it could be described as outsourcing your computer infrastructure”.