Here’s How COVID-19 Could Threaten Your Company’s Cloud Data

It's not news that many companies have instructed their employees to work remotely as the COVID-19 pandemic has quickly gained ground this year. Some organizations have already chosen to have employees work remotely wherever possible for the rest of the year, and at least one has gone all-in with its declaration that employees can work remotely forever.

Many companies are relying on cloud services to make their rapid and large-scale remote working transitions feasible. But the combination of a sudden transition to remote workforces and a huge proliferation of COVID-19-related phishing scams and malware could put your company's data at risk if you're relying on the cloud. Some public cloud services may not have the capacity to deal with the sudden, massive spike in usage, and that's not the only security issue companies face when using cloud services for data storage and software applications.

Public Clouds Are Having Capacity Issues

As shelter-in-place, stay-at-home, and lockdown orders took effect across the United States and the world in late March and early April, public cloud providers like Microsoft Azure already reported capacity problems, citing a 775% increase in user traffic in areas where shelter-in-place orders were strictest. While the largest cloud service provider, Amazon Web Services, appears to have handled the increase in cloud service usage well, it's important to remember that increases in usage due to strict shelter-in-place orders refer to only small regions of the United States.

That means that many public cloud providers may have significantly less capacity than you might assume. While cloud service providers insist that they are adding capacity, they may realistically be limited in their ability to do so, because adding more cloud capacity means adding server racks to data centers or even building new data centers. Adding new server racks requires manufacturing new electronics equipment, which may not be possible with manufacturing facilities shut down or operating at less than full capacity. Building new data centers takes years in the best of conditions. With public cloud providers scrambling just to provide and prioritize capacity, it's fair to say that security could be suffering, too.

Your Cloud Storage May Already Be Compromised

A new survey from Fugue has found that cloud security professionals are deeply concerned about the security risks posed by swift transitions to remote working for security teams and others for whom remote working is possible. Many companies have been forced to come up with business continuity plans including remote access policies, devices, and networks on the fly and with little notice. A fast shift to highly or fully distributed teams is bound to leave some security gaps, including cloud misconfiguration, which IT professionals point to as a major risk factor for cloud data breaches. Eighty-four percent of IT professionals surveyed said they're concerned that their organization may have already experienced a cloud-based data breach of which they remain, as of yet, unaware.

Every team surveyed that was operating on the cloud already has a cloud misconfiguration problem, with 73 percent citing more than 10 cloud misconfiguration incidents per day, 36 percent citing more than 100 per day, and 10 percent experiencing more than 500 per day. The remaining three percent don't even know what their misconfiguration rate is. More than half (52 percent) say that cloud misconfiguration errors are due to a lack of awareness of cloud security, while 49 percent blame adequate oversight and 43 percent just can't keep up with the number of cloud interfaces and API they now have to govern.

The majority, 73 percent, of teams are using manual log analysis and remediation tools to identify problems, but manual remediation creates its own set of problems. Human error can mean missing or mis-identifying critical misconfigurations in at least 46 percent of cases, and can interfere with remediation in at least 45 percent of cases. Clearly, automated advanced threat protection is more crucial than ever for companies who have moved or are moving onto the cloud as a result of COVID-19 concerns.

It's also important to use an enterprise-level cloud solution with stringent security measures in place. Public cloud services may have neither the security nor the capacity your company needs to protect enterprise data. While enterprise-level cloud storage may cost more, it's worth it to protect your sensitive data.

The COVID-19-inspired transition to remote work has changed every industry, perhaps even after the danger has passed. But you need to be extra mindful of your company's data security as you move to cloud services. The cloud is not more inherently safe than your physical network onsite — rather, it brings its own set of security issues that could put your company's data at risk.