The Importance of Backing Up to The Cloud & Data Protection
Posted on: 05 September 2018
Remote cloud software is a technological advancement that has taken a magnitude of industries by storm - it’s a cloud computing breakthrough that’s here to stay. Although it may seem like a relatively new concept that’s seen a surge in requisition from SMEs and large corporations across the globe, the history of cloud computing dates back to the 1960s. It has evolved from the initial concept of an “intergalactic computer network”, thought up by JCR Licklider, who was also responsible for the development of the Advanced Research Projects Agency Network (ARPANET) in 1969. Licklider had a vision - he saw a world where people were interconnected and able to access software and data from any site, at any time wherever they were. Licklider’s vision has now become a reality, with thousands of organisations being reliant on cloud-based software and computing.
One in Five Businesses Don't Have Procedures in Place to Protect Their Data
According to a recent survey undertaken by OGL, 95% of UK businesses use a cloud-based storage solution to store active data. Of the companies surveyed, 14% stated that the data housed within their cloud-based storage solutions is worth in the region of £1 million. The Cloud as a service has unequivocally revolutionised the way computing works, in turn transforming the way companies approach their day-to-day tasks and business strategies. It is time for SMEs to move away from “the cloud is just someone else's computer” narrative, and understand the basics of the cloud and realise the irrevocable impact that data loss or damage could have on their businesses.
How does the Cloud work?
The cloud, or cloud software, refers to any programs, software or data that is stored on a remote server and runs on the Internet, instead of being stored locally on your internal network or end user devices and being run from there. The computer running this software and data utilises a server system, and this server system is called “the cloud” or “cloud provider”. In fact, enterprises have been using cloud-based software for years, without even realising it. Businesses have been using software-defined data centres and enterprise email solutions for decades. If you have ever sent an email, you have logged into a Web Service (as well as all the other programs needed to run the application) which are located and stored on a remote machine owned by another company. This email software sending and receiving emails such as Outlook doesn’t exist on your computer - it exists and is run from the Microsoft Windows operating systems. The cloud computing software we rely on today is commonly described in one of two ways, location or service.
What is a Public Cloud?
A Public Cloud uses the standardised cloud computing model, where the general public can access resources such as virtual machines (VMs), software and storage, over the internet. Examples include Windows Azure and OpenStack public cloud. Some public cloud services are free, or rely on a pay-per-usage model.
What is a Private Cloud?
A Private Cloud (also referred to as an enterprise cloud) uses a cloud computing model that has been tailored for the needs of a single organisation or business. Their IT services are provisioned over private IT infrastructure, and are often deployed, managed and maintained via internal servers that are hosting these applications and data.
What is a Hybrid Cloud?
A Hybrid Cloud is a cloud computing environment that uses both a Private Cloud computing model and third-party Public Cloud services. One or more touch points exist between these services, with the goal of creating a unified and well managed computing environment. An example of this is VMware SaaS Hybrid Cloud Extension, which provides a hybrid software for their cloud operating system, vSphere. Using both on-premise servers and remote servers, VMware’s Hybrid Cloud Extension facilitates secure and efficient access across its vSphere operating system.
Service-Based Cloud refers to any applications or services that are available to users via a cloud computing provider. The following are the three most common service-based cloud offerings: IaaS, PaaS and SaaS.
What is an IaaS Cloud?
IaaS (Infrastructure-as-a-Service) cloud software is a type of cloud computing that provides virtual computer resources over the Internet. In this model, the cloud provider hosts the infrastructure components that are usually present in an on-premise data centre. This includes servers, storage and networking hardware. In most cases, IaaS Cloud Servers provide a range of other services that accompany those cloud infrastructure components, such as detailed billing, monitoring, log access and much more. For example, VMware provides a hosted desktop that runs on Microsoft Windows, Linux and MacOS.
What is a PaaS Cloud?
PaaS (Platform-as-a-Service) cloud software is a cloud computing service that gives customers a platform to develop, run, and manage applications without the complexity of building and maintaining the infrastructure associated with developing and launching an app. PaaS includes Microsoft Azure and Google App Engine. PaaS can be delivered in one of three ways:
- Via a Public Cloud service.
- Via a Private Cloud service behind a firewall.
- Via a Public Infrastructure-as-a-service, where the software is deployed.
What is a SaaS Cloud?
SaaS (Software-as-a-Service) cloud is a software distribution model where a third-party provider hosts applications that are available to customers over the Internet. SaaS removes the need for businesses to install and run software internally, freeing up space and eliminating the need for maintenance, software licensing, installation and support. Examples of these include Google Docs and Salesforce.
Cloud-based storage and cloud software have become a vital component for thousands of businesses across the UK. But how safe and secure is this lifeline that runs through thousands of modern enterprises all over the world?
How secure can the cloud really be?
Results from our survey show that 82% of UK businesses use more than one software solution to store, manage and transact digital data within their organisation. Utilising a ‘multi-cloud’ strategy means that businesses have the flexibility of choosing cloud services that will meet their unique needs. Alongside this, if a business properly utilises a multi-cloud strategy, they have the advantage of data mitigation. Many organisations choose to integrate cloud-based software so not to compromise on performance quality, due to the processing power of the computer being used. Cloud-based software not only benefits businesses that want to stay ahead of the curve in a competitive market when it comes to data storage, but also limits the resource required for IT support, as systems run better when data is stored externally. In order to stay in a superior position in a competitive market, companies need a backup Disaster Mitigation and Recovery strategy in place, should they fall victim to a cyber-attack.
DDoS and DoS attacks
Every computer is at risk of a cyber attack, and cloud networks are no different. The two most common attacks on cloud software are: a Distributed Denial of Service (DDoS) attack, and Denial of Service attack. Both attacks target a variety of important resources, from banks to news websites, with the aim of temporarily or indefinitely disrupting services of a host connected to the Internet. The only difference? DoS comes from a single device, and DDoS involves malicious traffic from multiple sources. However, there are thousands of other malicious software and malware out there.
Despite the obvious risks and numerous threats, one in five (20%) of companies we surveyed admitted they had no Disaster Mitigation or Recovery plan in place, but they were formulating one. A worrying 2% said that they had nothing in place and no plans to implement one. What makes these figures disquieting is the fact that over half (51%) claimed that they could not go for more than one working day, should the cloud systems they rely on experience downtime during a hardware failure, a DoS or DDoS attack or a data breach.
In the wake of GDPR, disaster mitigation and damage control should be at the top of every business’s list. Under the new GDPR terms, every single organisation must ensure that the data they possess is protected from misuse and exploitation. If you’ve been hacked or experienced a cyber attack and have not put the necessary protection strategy in place, you are at risk of being fined £17.6 million or 4% of your global annual turnover (whichever is higher).
Every company is a potential victim of cyber-crime - cyber criminals do not discriminate when it comes to launching a malicious malware attack on a business, and the implications have the potential to destroy any business, no matter how big or small. Ponemon Institute’s 2017 Cost of Data Breach Study, revealed that data breaches cost UK organisations an average of £2.48 million in 2017. Pair this with the strict GDPR policies further reinforcing the irremediable impact a cyber attack or data breach could have on a company.
Cyber-Crime Does Not Discriminate
“WannaCry” is perhaps one of the biggest ransomware attacks in history that exploited a vulnerability in Microsoft Windows using the NSA’s cyber weapon “EternalBlue”. The attack infiltrated more than 300,000 computers and machinery worldwide, and took down organisations such as the NHS and FedEx. The ramifications of this attack are still being felt today.
Another data breach occurred on February 2017, just before the infamous WannaCry attack. Google vulnerability researcher Tavis Ormandy discovered an exploit in the internet infrastructure business “Cloudflare”. He noticed that there was a bug in the platform, causing data leakages of sensitive customer data that had been going on from as early as September 2016. Although the leaked data was only deposited on a small subset of Cloudflare customer sites and wasn't visible on the pages (in most instances), search engines such as Google and Bing automatically cached the errant data when they crawled the site. Sensitive data such as users' Uber account passwords and even some of Cloudflare's own internal cryptography keys were all easily accessible through search. Big brands including Fitbit and OKCupid utilise performance and security cloud services from Cloudflare, but thankfully the vulnerability was patched within hours of its discovery. However, this cyber-attack was a terrifying reminder about the potential dangers a bug or a cyber-attack can have on any business, while potentially endangering a significant portion of the web.
Vulnerabilities Affect Almost Every Modern Computer
Any exploit or vulnerability in the software a business is using provides an entrance point to privileged memory locations that store a business’s active and archived data. The entrance points provide malicious software the point of entry and an opportunity to extract data that should have been isolated and protected. While a company should have a disaster mitigation plan in place, it is crucial to take a ‘prevention rather than cure’ approach to the cloud software they’re using. The scale of any attack is contingent on the information a hacker can access and determined by how they can manipulate software vulnerabilities by checking which systems are vulnerable. What we need to understand is that every system is, in fact, vulnerable.
In January 2018, it was revealed that there are three serious security vulnerabilities affecting nearly every modern computer worldwide. Named Meltdown and Spectre by Google’s Project Zero team, these security flaws act as a springboard for cyber-crime and give hackers the opportunity to steal and encrypt any stored sensitive personal data from any computer. These vulnerabilities have been found in processors designed by Intel, AMD and ARM.
Cloud storage and computing offers a huge opportunity to UK businesses, showcasing efficiency, accessibility and above all usability with it's many applications - previously not available with legacy storage systems.
Organisations need to ensure cloud-based data is adequately protected and compliant with new GDPR regulations to avoid hefty fines and costly attacks on arguably what most companies would deem to be one of their most valuable assets, data! The Cloud as a service has indisputably changed the way computing works, in turn transforming the way companies approach their day-to-day tasks and business strategies, but with 51% of businesses admitting they couldn’t go more than a day without their data, it suggests that data protection strategies are not being taken as seriously as they should be. A data breach has the potential to financially destroy an enterprise and break its trust with consumers. With great power comes great responsibility.
For more information about data recovery and disaster mitigation, get in touch with OGL on 01299 873 873 and our cloud software experts will be happy to help.