Cloud computing may be one of the greatest innovations of our time, but along with any great innovation comes unprecedented risk. A growing number of companies are choosing to entrust mission-critical business data to IT service providers for cloud storage, placing the responsibility for security and risk-management in these technology experts’ hands.
Regardless of how many security measures are put into place to protect cloud clients’ data, the criminal element is continually working to find new ways to gain access to protected information that they can use for their own benefit. The costs of a security breach can be immense, so every precaution must be taken to protect both customer data and the IT business responsible for storing it.
In addition to deploying appropriate security controls, any technology business responsible for hosting others’ data is wise to purchase a technology errors and omissions insurance policy that includes cyber liability coverage, a type of professional liability policy designed to protect IT businesses against liability and expenses arising from the theft or loss of data, as well as liability and expenses related to a breach of data security or privacy.
Get a quote for an E&O policy that includes cyber liability insurance now.
The Top Seven Cloud Security Threats
According to a 2010 report from the Cloud Security Alliance*, the top threats inherent in cloud computing include:
- Abuse and nefarious use of cloud computing: Criminals are always developing new technologies to extend their reach, escape detection, and improve the effectiveness of their activities. Some cloud computing providers’ relatively weak registration and fraud-detection systems make them easy targets for attackers.
- Insecure interfaces and application programming interfaces: If the software interfaces or APIs customers use to interact with cloud services are weak or inadequately secured, accidental or malicious attempts to circumvent them can expose an organization to many security issues related to confidentiality, integrity, availability, and accountability.
- Malicious insiders: If a malicious insider should gain access to your server, considerable damage can be done. Such individuals can infiltrate client organizations and assets, damage valuable brands, harvest confidential data, wreak financial havoc, halt productivity, or even take complete control of the cloud, with little or no risk of detection.
- Shared technology vulnerabilities: Because shared technology elements weren’t designed for strong compartmentalization in a cloud environment, hackers have increased their attacks in these areas in an effort to interrupt the operations of other cloud customers and gain unauthorized access to data.
- Data loss or leakage: Theft or loss of sensitive data can devastate a business’s brand, reputation, and customer trust. Depending on which type of information is accessed, there may be legal and compliance ramifications for the business, as well as for the data storage host.
- Account, service, and traffic hijacking: If someone uses stolen credentials to hijack cloud computing services, they can eavesdrop on others’ transactions, manipulate data, redirect users to illegitimate sites, and even compromise the availability of cloud services, often resulting in litigation for cloud service providers.
- Unknown risk profile: While many businesses benefit from the low overhead costs involved in storing data in the cloud, they take on risks when sharing cloud infrastructure with unknown others. Most cloud service providers have internal security procedures, logs, and disclosure standards, as well as processes for handling network intrusion attempts.
To protect themselves against the many risks of providing cloud computing services, IT companies can buy technology errors and omissions insurance that includes cyber liability coverage.
Get a quote for professional liability insurance, including cyber liability coverage, now. It’s fast, easy and free.
*Source: Cloud Security Alliance, “Top Threats to Cloud Computing”, Version 1.0, 2010.