Five Best Practices for Cloud Security
Tips on how to better secure your cloud computing environment.
Data security is one of the primary reasons that companies are hesitant about moving into the cloud. A recent study by the Cloud Industry Forum found that 62 percent of its respondents claimed data security was a significant concern concerning the cloud. Data privacy was a close second at 55 percent.
And the latest news coming from McAfee may not help to improve the security image of the cloud.
Late last week, McAfee announced two problems with its SaaS Total Protection anti-malware service, for which a fix was expected soon (if not available already). At least one of the vulnerabilities allowed computers using the service to be hijacked and used to generate spam. According to PC Magazine:
As McAfee explained, one vulnerability found in the ActiveX control allowed attackers to execute arbitrary code. The other vulnerability found in McAfee's Rumor Technology (an updating system that lets one user share his update with an entire LAN network, even if they aren't connected to the Internet) effectively turned the victim's computer into a spam-spewing machine. In August McAfee released a patch for a problem similar to the ActiveX control flaw, which cut the exploitation path and has prevented attackers from accessing data on affected PCs this week.
When a well-known security vendor announces a vulnerability in one of its products, you have to take notice. In this case, the cloud was supposed to help improve computer security, but, instead, it left computers open to attackers.
McAfee says no data has been compromised, but the situation shows why so many SMBs report that they are leery about moving their data into the cloud. There has to be trust in all aspects of cloud service, and I don't think we are there yet.
It is time to focus on giving customers solid answers to their security fears and removing the fear, uncertainty and doubt' from their minds.