As the cloud has become the central data platform for enterprises around the world so it is an increasingly attractive target for hackers and criminals. Indeed, Microsoft’s latest Security and Intelligence report has shown that attacks on cloud-based accounts have increased by 300% in 2017 compared to 2016.
However, while the report states that: “a large majority of these compromises are the result of weak, guessable passwords and poor password management”, the report also identifies breaches of third-party services as a leading cause of compromised data.
This just goes to show how important it is that businesses choose cloud partners that can offer the highest levels of security – particularly when it comes to data hosting. Indeed, a separate report, Alert Logic’s Cybersecurity Trends 2017 Spotlight, has highlighted that security professionals’ top concern is securing data in the cloud. Interestingly, second on the list of concerns was threats to data privacy.
As security threats continue to grow, today’s IT departments need smarter and more responsive security solutions. In particular, they need to ensure that that their business’ data is safe and accessible only by you and your employees.
The need for greater security also means, as we have said before, that total end-to-end encryption is absolutely essential – it is simply not negotiable. Businesses have not just a right to protect their (and their customers’) data, they have a responsibility to do so. It’s why we have put encryption at the heart of the services we offer our customers.
And, for all the benefits of cloud platforms, that ultimately that is the key point. With security threats continually increasing, it is vital that any cloud solution is done right. There should be no shortcuts when it comes to data security.
This quote from a UK government official, perhaps more than any other statement, cuts to the core of the tension that exists around the issue of data encryption.
As we have documented here previously, governments, technology companies, enterprises and users have been at loggerheads over encryption for a number of years. Governments, particularly in the US and the UK have called for weaker encryption to aid security services in their efforts to combat terrorism, while businesses and users have largely been appalled by the idea that their data should be made less secure.
This issues remain close to the surface as reports this month reveal that the Conservative party in the UK, should it win the upcoming election, plans to push through measures to allow controversial Technical Capability Notices (TCNs) to force telcos, ISPs and social networks to hand over details of users’ communications – further weakening encryption in the UK.
These reports, and the quote from the unnamed UK official should show once and for all that for the UK and a number of other countries data privacy is seen as an inconvenience – something to be watered down and worked around, rather than something to be defended.
As the Open Rights Group commented: “It is worrying to hear that … the Home Office wants to push ahead with proposals to force companies to weaken the security of their products and services. Our core concern is that using TCNs to force companies to limit or bypass encryption or otherwise weaken the security of their products will put all of us at greater risk.”
There is no doubt, that for businesses operating in the UK this news should be extremely troubling. While the efforts to get ready for GDPR have rightly been prioritised by many businesses, it is clear that threats to encryption should be viewed as an equally important issue.