Cloud computing is seen as the future of IT, but concerns regarding its security remain. A case in point is the Freedom Healthcare Staffing leak.
Compromised data is always associated with various dangers and problems, but these are always magnified when the data at risk is personal. And the employees of Freedom Healthcare Staffing (FHS) now know what this feels like. Around 957,000 private records were found to be readily available to anyone with an internet connection. These records included drug test records, recruitment details and in-house communications among more technical networking details. Not only were these records available, but the opportunity to edit and delete this data was also an option.
As more and more organizations are moving towards cloud computing, it’s important to understand where FHS went wrong. Let’s see what we can find out.
What Happened with FHS?
The unsecured data at FHS was compromised for one reason and one reason only: negligence. The folder, which contained close to a million records, was on a publicly available drive and had no password protection. Therefore any web browser, such as Chrome or Firefox, could access the data without providing any administration credentials. To make matters worse, the technical data that was visible in this folder provided an opportunity for hackers to delve even deeper into the FHS network. After a security researcher from Security Discovery analyzed this compromised database they informed FHS and all records were quickly secured.
Why is Cloud Security So Lax?
Cloud storage is a relatively recent development in IT, so it should come as no surprise that there are teething problems with the technology. But this doesn’t mean data should be left unsecured. Unfortunately, many consumers feel as though the responsibility of their data security should lie purely with the cloud provider. This approach, as FHS discovered, can be highly dangerous. You only have to take a look at the attacks taking place on cloud based data to understand why.
Organizations need to adopt a shared responsibility mindset in order to protect their cloud. And this should incorporate the following:
- Ensure that all folders on your networks are only accessible to those who need them. Regardless of whether this folder is on your local network or in the cloud it needs to have the correct protection in place.
- Part of your cloud provider’s service will include installing patches and upgrades, but this will only be relevant to your cloud software. Software updates, such as patches for Windows 10, must be installed by your in-house teams immediately to prevent threats to your data.
- Remember that many Internet of Things devices come already loaded with default passwords. This presents a major security risk to cloud computing, so it’s crucial you change all default passwords before the devices go live on your network.
Enhanced knowledge will, with time, allow us to understand the limitations of cloud security, but as FHS discovered it’s important to take a proactive approach immediately.
For more ways to secure and optimize your business technology, contact your local IT professionals.