With headlining data breaches, such as the recent security breach at Tesla motors, which involved cloud mining for bitcoin, one could easily start to get nervous about security. In many ways, the cloud is more secure than any computerized solution in the past, but every device containing code, especially since the dawn of the internet, is potentially susceptible to a security breach.
But before you go reverting to flip-phones and dial-up, lets take a look at how secure cloud computing really is.
The Hack at Tesla
Like many large companies and even the federal government, Tesla offers a bug bounty. Bug bounties are when companies will pay ethical hackers for turning in a security flaw (or “bug”) when discovered. In this way, major organizations like MicroSoft, the Pentagon or Apple, organically expand their security researchers--anyone with the technical skills to discover a breach or a bug can get a payout for turning it in. Some bug bounties pay tens of thousands of dollars!
In this particular case, researchers at a computing defense firm found an administrative portal that wasn’t password protected. Within its confines they found login credentials for a Tesla Amazon Web Services cloud environment.
The hackers, who have not yet been identified, potentially gained access to:
- Vehicle and mapping information
- Instrument telemetry
The breach did not compromise any vehicle safety or consumer information, yet it left some people wondering, “If this could happen to Tesla, could it happen to me?”
Security in the Cloud
The biggest security breaches, including this one at Tesla, almost always stem from just three sources:
- Improperly secured accounts, such as this one at Tesla which did not contain password protection.
- Lack of updated software, such as the major data breach last year at Equifax, which stemmed from a failure to patch a known bug in Apache Struts.
- Phishing scams, which have become increasingly more sophisticated, aimed to unintentionally disclosed login information, such as the massive data breach of millions of consumer credit card numbers at Target stores a few years ago.
Fortunately, knowing these three potential avenues for attack, security becomes greatly simplified. In the most simple terms possible, it means three things:
- Every single access point must have unique user credentials and a unique password.
- All software must be updated, which in the cloud happens instantaneously and is much less cumbersome (and thus, much more secure) than data solutions of the past (such as IT personnel going around and updating software on each end user device).
- Employee training regarding phishing tactics, which can be easy to avoid when understood.
If these measures are undertaken, the cloud is the most secure computing solution since the invention of the internet.
Secure Data Solutions
Any cloud-computing solutions company worth their salt will be familiar with cutting-edge security technology. You are probably familiar with firewalls, but new computing solutions include such features as:
- Containers and serverless computing
- Cloud-based databases
- Data warehouses
- Load balancers
- DNS services
- Gateway network firewalls (a traditional solution often still used)
- Network security groups
- Virtual networks (VPNs)
- Identity and access management (IAM)
- And more
An analysis of your existing security measures is part of any cloud-based data solution shift. At the end of an implementation planning stage, you will not only understand the ease of access and workflow simplification of cloud-based computing, you will also grasp how your data will be protected within that shifting defense perimeter.
It’s Better in the Cloud
NetSuite has been at the forefront of cloud-based computing since its inception. If you have security concerns, we understand them. Contact us for a free consultation, and let us show you how it’s better in the cloud.