Cloud Backup

We`re just sending through your details

Please give us a few moments whilst we get your account ready.


Top 9 Cloud Backup Data Security Threats

Top 9 Cloud Backup Data Security Threats

posted in Product ● 11 Feb 2016

Today’s forecast for data backups: mostly cloudy with a chance of being hacked; scattered malware infections; but later becoming more secure after taking better precautions. And there’s your trouble… not enough of the right precautions.

Fortunately, the Cloud Security Alliance (CSA) are on top of this. They’re ‘the world’s leading organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.’ Here’s a summary of what they reckon you should be addressing first (read here for the full report) – it’s known as the Notorious Nine:

1. Data loss

It’s certainly the greatest threat to data security. Since your backup data is in the hands of the cloud service provider, a lot of trust is placed in that relationship.

The agreement with both your cloud service provider and your backup service provider needs to ensure that measures to protect against accidental deletion and unauthorised access are in place and that some form of redundancy exists to protect against data loss.

2. Data breaches

Your company’s confidential information can accidentally or deliberately be read by an unauthorised third party. When your cloud backup server is on a shared platform, without being designed for multi-tenancy, it could result in other tenants gaining access to your databases.

The easiest way to mitigate this is by encrypting your cloud backups on transfer through the network and also during storage on the backup server database.

3. Account or service traffic hijacking

When someone hijacks your accounts it’s because they got hold of your credentials, either through phishing, cross-site scripting, or social engineering techniques. Once this has happened, who knows what the perpetrators will get up to?

Take control of your backup accounts by not sharing accounts between employees, not re-using credentials across accounts, and also by implementing two-factor authentication as part of the log-on/sign-in process.

4. Unsecured interfaces and API’s

APIs provide greater flexibility in implementing a backup solution and also allow greater automation capabilities. However, with a solution that is so integrated with third parties, some control is inadvertently relinquished. This can make the data being transferred vulnerable to network eavesdropping and manipulation.

Here, the CSA recommends, ‘…it is critical for consumers of those services to understand the security implications associated with the usage, management, orchestration and monitoring of cloud services.’

5. Denial of Service

Denial-of-service or more commonly known as DDoS (distributed denial-of-service) attacks are nothing new and you’ll know you’re being targeted when your IT systems seem to come to a grinding halt. Since the reason for this degradation in performance is because the attacker is consuming as much computing resources as are available, this can leave you unable to access valuable backups or you might get billed by your cloud service provider for processing you never intended.

The Cloud Controls Matrix (CCM) has four controls to help mitigate this threat: IS-04, OP-03, RS-07 and SA-04 and has to do with resource planning and application security.

6. Malicious insiders

These include current as well as former employees, or any other business partner with confidential knowledge of your business. A malicious insider can leave your business especially vulnerable since they usually know which data security measures to circumvent.
Better IT policies around credential and role management will help prevent unauthorised access to your backup data.

7. Abuse of cloud services

Since your cloud backups make use of services that give you access to vast amounts of computing power, this power can be abused if it falls into the wrong hands, such as constructing a denial-of-service attack or trying to brute-force crack an encryption key.

Remedial recommendations can be found under CCM controls IS-24 and IS-26 which help define the legal parameters of the abuse and also describe an ‘acceptable use’ policy.

8. Insufficient due diligence

Cloud services are inherently complex in their hardware and software configurations. Additional factors come into play with distributed environments where legalities exist around data ownership across borders.

Before adopting full-scale cloud backups, your cloud service provider should be scrutinised for compliance to legislation such as the ‘Safe Harbour‘ agreement and other data protection regulations relevant to your region.

9. Shared technology vulnerabilities

Virtual machines and containers (like Docker) aim to provide isolated computing environments but sometimes data security vulnerabilities exist that can leave gaps in the boundaries between environments. These software vulnerabilities on cloud backup servers could render any number of customers vulnerable to data loss.

By tightening IT policies around better encryption, user access management, early software patching, and proper testing will help prevent loopholes from being exploited.

Bocada support for Redstor improves backup monitoring and revenue opportunities for MSPs

Reading, United Kingdom, September 23, 2021Redstor, a global data management and protection SaaS business, today announced a partnership with Bocada LLC, an award-winning IT automation company, to provide MSPs with greater visibility over customer environments and increase their revenue opportunities. 

Continue reading

XTECH and Redstor enter strategic partnership

Reading, 15 September 2021 – Redstor and XTECH announce a strategic partnership to protect customers’ traditional infrastructure as well as cloud and SaaS data from a single app.

Continue reading

How machine learning combats threats like the Kaseya ransomware attack that targeted MSPs

The recent ransomware attack on Kaseya, a cloud-based IT and security management provider services company that supplies tech-management tools to customers worldwide, has the potential to be the most serious cyber-criminal incident this year.

Continue reading