There’s no way around it: successfully doing business in today’s connected, fast-paced environment requires that you make use of cloud computing and storage. Whether it’s backing up files in Dropbox or storing customer data in Salesforce, it’s rare to find any business that doesn’t have at least some (if not all) of its critical data stored in the cloud.
And things don’t show signs of slowing down anytime soon. The use of cloud computing is expected to grow at a rate of 6x through 2020, with over half of all information technology (IT) budgets now being allocated to the cloud. Moreover, upwards of 85 percent of organizations say that they keep some form of sensitive data in the cloud.
Are there disadvantages of using cloud storage when it comes to the privacy and security of your data? While cloud computing has made managing data much easier and provides countless benefits in areas like analysis and automation, there are certain risks and drawbacks that you should be aware of when using cloud storage.
So, is your data truly secure online, in the cloud? Read on for our top five disadvantages of cloud-based storage, and how to potentially mitigate them with this comprehensive guide.
1. Certain Cyberattack Vulnerabilities
One of the most obvious disadvantages of the cloud storage model that many businesses use is that the data isn’t under your own secure supervision. Depending on how the cybersecurity architecture of the public (or private) cloud is implemented, a cloud provider may be more vulnerable to certain varieties of cyber attacks that are specifically designed to penetrate the cloud. First, let’s take a look at how the cloud is set up from a cybersecurity standpoint, so you can better understand potential vulnerabilities.
The “cloud” itself is simply a server where your data is stored off or away from your physical premises by a third party. Whether it’s Dropbox, Facebook, or Salesforce, businesses pay companies to store their data in the cloud primarily to make it accessible from anywhere. This is, by definition, the Software-as-a-Service (SaaS) or, more recently, Platform-as-a-Service (PaaS) model that we’ve become accustomed to. We pay a third party like Amazon or Microsoft to store our data so we don’t have to, and we can access it from anywhere there’s an internet connection.
That being said, most third-party cloud providers take great precautions when it comes to protecting their customers’ data. Hacks, breaches, or cyber attacks tarnish their reputation and damage business, so it’s certainly not in their interest to be lax. However, the centralized nature of cloud servers and the increased number of end access points (any device with internet, as opposed to your own hard drive locked away in your home office) do raise concerns about specific varieties of cyber attacks:
- Distributed Denial-of-Service (DDoS) Attacks: In the past, DDoS attacks against cloud platforms were virtually impossible. Cloud providers threw billions of dollars into taking every measure to ensure that their customers’ data is secure (and still do). However, given the sheer number of devices that exist today (and the number is still increasing), from smartphones and tablets to the connected home and Internet of Things (IoT), there are more endpoint vulnerabilities than ever.
- Phishing & Social Engineering: Due to the open nature of the cloud (you can access central data from virtually anywhere), phishing and social engineering attacks are becoming more common. Whether it’s a spam email meant to trick employees into giving up their login credentials or an attacker posing as a trusted party on social media, once a hacker gets his/her hands on a username and password, they’ll be able to snoop through your data virtually undetected.
- Common Provider Vulnerabilities: No system architecture is 100 percent foolproof, but one of the disadvantages of cloud storage services is that many of the platforms are constructed similarly. Once a vulnerability becomes known within one cloud provider, for instance, the tactic can spread quickly and often be successful with others. This is where working with both your cloud provider and cybersecurity partner can help proactively identify common vulnerabilities and take the proper precautions.
Learn more about how to build an effective vulnerability management program for the cloud network in our blog.
2. Slower Backup & Restoration Times
When you’re working with data via an on-premise model, your data, machines, and servers are located nearby. Whether it’s in the next building over or in your home office, on-premise networks are often connected physically. When data moves through the cloud, however, you’re subject to internet bandwidth speeds and limitations. In the end, your internet bandwidth and maximum cloud provider speeds may end up being slower than if you were transmitting data on a local network.
This can result in communications latency issues, where it may take time for one user to view a file that another user has uploaded to the cloud in a different city, for instance. Where this can be the biggest disadvantage is in terms of backing up files and servers. Many businesses choose to back up their cloud data in the middle of the night, for instance, when internet data traffic is at its lowest. Other companies choose to leverage advanced data compression software, to pack the data into tighter bunches so that it doesn’t take up as many lanes on the information highway.
In addition, restoring your server (if necessary) could take longer on the cloud than if done on-premise. Again, this simply comes down to the amount of internet bandwidth and speed you have access to. In the event of a cyber attack, for instance, you may need to shut down your entire system and restore information and settings to a previous date prior to the data breach, and that may take some time. How you back up, recover, and restore critical systems and data in the event of a cloud attack should be clearly defined in your organization’s cybersecurity policy.
3. Risk of Extended Downtime
The third disadvantage of cloud storage is the risk of prolonged system downtime, and it is one of the downsides most often cited by businesses. Simply put, the servers where your data exists aren’t in your office or building; they’re at Amazon, Google, or wherever your cloud provider has its server farms. Therefore, your internal IT staff isn’t in control of remediating system issues and getting your networks back online.
Servers could go down (or be shut down) for any number of reasons, from a local power outage to a cyber breach. There could also be an issue or service outage with your internet provider. No matter what reason there is for downtime, you’ll be at the mercy of your cloud hosting provider as to when things actually come back online. For example, when cloud provider Amazon Web Services (AWS) experienced a service outage in 2017, the resulting downtime cost publicly traded companies an estimated $150 million.
That being said, it’s in the best interest of the cloud service provider to ensure that the end user (you) doesn’t suffer long downtimes. Downtime will happen from time to time, and the most important thing is to work with your cloud service provider and a cybersecurity partner to create documented policies and procedures about what to do in the event of extended cloud downtime. You can also consider implementing a direct network connection with your cloud provider as a backup in case of extended downtime. AWS Direct Connect and Microsoft Azure ExpressRoute are two examples of such direct connections offered by cloud providers.
4. Third-Party Regulatory Compliance
Depending on the nature of your industry, there will likely be certain government and/or industry standard regulations that you’ll need to comply with in terms of your cloud service provider’s cyber defenses. In some very rare cases, you may be prohibited from using cloud storage altogether for extreme privacy and/or security concerns. Either way, bringing on a cloud partner for data storage entails being informed about the compliance issues in your industry, and ensuring that your provider is meeting them.
The medical profession has the Health Insurance Portability and Accountability Act (HIPAA), which outlines data security requirements for cloud providers that store digital patient medical records. This could be anything from a large hospital using an enterprise-level provider like Microsoft to a local dentist using Google Drive to keep their files. For banks, payment processors, and the finance industry there’s PCI-DSS, which lays out a cybersecurity framework to protect credit and debit cardholder information in the cloud.
In many cases, regulations state that cloud security standards for providers must meet the same standard as if they were themselves the business. If the cloud provider is breached and regulatory agencies find that their countermeasures weren’t up to compliance snuff, your business will also likely be subject to hefty penalties and fines.
That’s why it’s extremely important to sit down with both your cloud provider and cybersecurity partner to review what cloud compliance will mean in your specific case and develop a plan of attack to maintain compliance throughout the duration of your relationship.
5. Vendor Lock-In
Selecting a cloud service provider is more like a long-term marriage than dating. Especially for large organizations with tons of data, migrating everything into the cloud, configuring the system, and ensuring compliance can take months or even years. Therefore, you’ll need to be very selective when searching for a cloud storage partner.
Depending on the service you use, and the nature of the contract, you’ll likely be locked into that specific vendor for at least a year (or maybe more).
If you become unhappy with your cloud service provider midway through the contract (for whatever reason), you’ll still be on the hook for the remaining subscription fees, even if you decide to pull the plug and walk away early.
Moreover, switching cloud service providers at any time can be time- and resource-consuming. Depending on the level of your internal IT expertise, migrating from one cloud provider to another can range from a minor headache to a significant negative financial impact.
Cloud vendors may be eager to bring you on board as a customer, but don’t expect them to bend over backward if you decide to walk away from your contract and need assistance with vendor-to-vendor data migration. Any custom software applications that you run on one provider’s cloud may also not run as well (or be totally incompatible) with some other cloud storage architectures.
To avoid being locked into a vendor that doesn’t match your needs, and having regrets down the road, make sure to invest the time upfront in vetting cloud storage providers. Read over all the fine print of their policies relating to contracts, privacy, data security, and compliance advisory services.
If possible, go over those policies with an experienced cybersecurity partner to clarify jargon, ask questions, and to gain a better overall understanding of the partnership you’re entering into. Figure out which applications and features of the storage system are proprietary, and which aren’t.
In other words, if you change providers, how much will you have to re-learn as you migrate to a new system? Ask for case studies and references for customers in similar industries to yours, and make sure they have the capability to hand over all of your data in a timely manner if you decide to go elsewhere.
It’s hard to imagine life today without cloud storage and computing. An information-based economy requires that we be able to work with, share, and access data at a moment’s notice, from any location, on whatever device is in front of us.
Cloud technology is still evolving, and storage providers are constantly challenged in coping with new and ever-present cyber threats that target health, financial, military, or other sensitive information that might reside on a public cloud.
That being said, these disadvantages of the cloud can be minimized (or eliminated altogether) with a bit of planning and foresight in conjunction with the cybersecurity solutions of your cybersecurity partner. Make sure you create a technology framework that can be shared by you, your security partner, and your provider to protect critical data and infrastructure from things like DDoS attacks.
Have a plan in place in case your provider has issues restoring systems or in the event of extended downtime. When it comes to reducing the disadvantages of cloud storage, planning, communication, and attention to detail are what matter most.
For more information regarding cloud storage and cloud architecture, contact RSI Security.