November 22, 2015

Top 3 Cloud Security Issues for 2016

By Christopher Stark

Last month, Gartner published a press release highlighting its top predictions for IT organizations and users for 2016 and beyond. In the release, Gartner includes the following finding as its 10th prediction:

“Through 2020, 95 percent of cloud security failures will be the customer's fault.”

I agree, but I think there is a component missing from this finding. I believe that cloud security failures caused by customers will be closer to 98 or 99 percent, but the ultimate responsibility and blame is on the cloud service provider that doesn’t ensure security for their customers and teach them best practices.  I say this because from my experience, I do not think customers aren’t careful, don’t understand security or aren’t trying to protect themselves. The customer just needs to reinforce best practice fundamentals.

My three top issues affecting cloud security moving into 2016:

1. Forgetting One of the Three Levels of Security

In my experience, the majority of security breaches are caused by human error, due to an issue with hardware, software or overall security practices. These encompass what I call the three essential levels of security: physical, logical and methodological. Strong physical security includes armed guards, biometrics, pre-approved clearance and restricted access. Optimized logical security incorporates firewalls, virus protection, intruder prevention, encryption and user-defined permissions. And “methodological” security considers the human factor and confirms every manual process is approved by multiple cleared users. Errors or hacks can occur at any level, but it is the third level, or methodological level, that can cause the most issues. If the cloud provider doesn’t address best practices, such as proper password selection, with its customers, there is a huge risk. Security is only as strong as the weakest link so implementing safeguarding programs, maintaining continuous testing, and providing ongoing security education is key.

2. Hacking Made Easy = Weak Usernames and Passwords

The most common security breaches occur when customers choose simple username and password combinations, share login information with other users, or use the same login information across multiple platforms. These breaches can easily be avoided if the cloud security methodology of stronger login credentials is passed along to the customer and if the cloud service provider equips its customers with proactive or alternative login solutions.

A number of providers are implementing a two-factor authentication (2FA). 2FA components are something that the user knows and something that the user possesses that are inseparable from the user. For example, a strong username and password combination and a unique code sent to the user’s cell phone via SMS text or app notification. 2FA removes single access to the program, server or desktop, making it a safer alternative.

3. Managing the Cloud: Who is Responsible?

In the release, Gartner also states that “the characteristics of the parts of the cloud stack under customer control can make cloud computing a highly efficient way for naive users to leverage poor practices, which can easily result in widespread security or compliance failures.” This brings up the discussion about the overall management of the cloud, between the customer and cloud service provider, and who is best fit to implement cloud security measures.

Some customers are still afraid to provide their cloud service provider with full management of their systems because they feel they are losing control and are vulnerable. However, with control comes risk. An outside vendor can protect their customers from current and future security breaches by regularly testing, implementing and updating the infrastructure. For a customer to do this themselves internally would take precious hours away from daily operations. Limiting an individual user’s access to various programs or folders, based on his or her role within the company, also enhances the security level among systems. These are basic security best practices that cloud service providers can ensure are in place in cloud-based solutions along with various other measures.

Moving into 2016 and Beyond

Innovation seems to have grown exponentially in the last decade; technology has progressed so much that security is still trying to keep up and will continue to be the primary focus for IT organizations and users alike. Customers are getting smarter; they know what they want and can ask the right questions to achieve their desired results. Just remember, there is not one silver bullet to solve security issues, but you can better protect yourself and your system from hacks and breaches if you are educated about best practices in security protection. Gartner Press Release, Gartner Reveals Top Predictions for IT Organizations and Users for 2016 and Beyond, October 6, 2015, http://www.gartner.com/newsroom/id/3143718

Moving Your CPA Firm to Cloud Computing in 2021

Why Moving to the Cloud is Necessary in 2021 and Beyond This may be a moot point for many accounting firms who have already moved to the cloud..
January 19,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Small
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

Moving Your CPA Firm to Cloud Computing in 2021

Why Moving to the Cloud is Necessary in 2021 and Beyond This may be a moot point for many accounting firms who have already moved to the cloud..
January 19,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

Blog Archives

See all
Is Cetrom Your Cloud Services Solution?