Cloud accounts are not local accounts

Blog / Cloud accounts are not local accounts

Giving cloud accounts the cybersecurity attention they’re due.

Cloud services used to be rare but have grown radically since their introduction, and many different kinds have been created over the years. There are data and file storage clouds which are likely the best known variety and include well-known products like OneDrive, iCloud, or Google Drive. However, while storage clouds are likely the most-widely recognized, Software as a Service (SaaS) clouds are among the most common. These include products like Microsoft’s Office365, Google’s competing Business applications like Docs and Sheets, and Adobe’s Creative Cloud, even though many people don’t realize SaaS applications are cloud-based services. And then there are the more utilitarian clouds that blend storage and IT-focused SaaS applications, like Amazon Web Services. As a result, virtually every organization these days uses cloud accounts of some variety and it’s not unusual for them to use multiple different clouds for different services.

Cybersecurity misconceptions about cloud accounts.

Just because clouds are common these days doesn’t mean they don’t come with risks. Providing software via a cloud is great for both small development studios, who can easily reach international markets, and entrenched big brands like Microsoft, whose Office365 applications can be accessed by users from anywhere, even while on vacation. But while it might seem obvious to say that users can access cloud accounts and services from anywhere in the world, because it is, there’s also an often overlooked potential problem; so can the bad guys.

Herein lies the major cybersecurity difference between using locally-installed applications as opposed to cloud accounts. Most of the time staff in the office will log into regularly-used workstations, which are protected by layers of physical security in a location under the control of the organization. For a bad actor to access anything, they’d potentially need to bypass locked doors, security cameras, motion sensors, both silent and audible alarms, windows bars, and any other physical security measures. None of that is true for a cloud service, which relies on technical cybersecurity measures.

The situation becomes even riskier for those who may have understandably but mistakenly assumed that security is the responsibility of the cloud providers. This is wrong. Cloud companies must provide basic security features like ensuring that one customer can’t access another’s data, and will likely defend their own software and server environments, but beyond that they have no legal obligation to protect your data or users. Adding extra cybersecurity is the responsibility of the user. There are other security tools like multi-factor authentication that the cloud operator may (or may not) offer, but even if they do, configuring and enabling such tools is up to you.

If you’d like to learn more about configuring security options for cloud services you use, or how to take advantage of TRINUS’s secure cloud solutions for your own organization, call 1-877-489-9985 or contact us via email and we’d be happy to help out with some stress-free IT.

For today’s Shakespeare quote we turn to Hamlet: “The cat will mew, and dog will have his day.”

Be kind, courtesy your friendly neighbourhood cyber-man.

 

/Partners /Systems /Certifications

TRINUS is proud to partner with industry leaders for both hardware and software who reflect our values of reliability, professionalism and client-focused service.