How Does Cloud Hosting Keep Your Data Safe?#Data
by Casey ThompsonRead time:
Cloud Hosting vs. Cloud StorageYou may hear the terms “cloud hosting” and “cloud storage” used somewhat interchangeably.
The terms can be a little confusing, so let’s define them.
Cloud hosting means that your vital resources such as virtual servers, databases, and backups are located in a remote data center, better known as "running from the cloud".
Cloud storage would be more accurately described as data backed up to a virtual server, which is hosted in another, remote data center not located in the district. You can have cloud hosting without backing up your data to the cloud, and vice versa.
The terms are a little easier to understand if you remove the word “cloud.” You can work in programs on your computer, back up your data, and run your website without having the big computers you’d need to perform those tasks onsite anywhere near you.
They’re elsewhere—and you access them using a remote connection, a.k.a. the cloud.
The Threats Are RealWhile convenience and flexibility are certainly good reasons to move to cloud storage, data security and protection against ransomware are the clinchers for many districts.
Here’s why ransomware and related cyberattacks are such a threat to educational institutions and their data:
- Microsoft Security Intelligence found that 6.5 million devices in the education industry encountered malware in December 2021 and January 2022—far more than any other industry.
- The education sector ranked as tenth-most attacked sector, according to IBM, with 44% of educational institutions globally targeted by ransomware attacks, per Sophos.
- Educational institutions pay an average ransom of $112,435, though it costs an average of $2.7 million to completely mitigate the damage caused by ransomware.
- Despite the cash outlay, most organizations only got about two-thirds of their data back after paying a ransom, and only 8% of organizations got all their data back.
- Almost one-third of educational institutions admit they’re vulnerable to cyberattacks.
Why Everyone’s Not in the CloudGiven these statistics, moving to the cloud seems like a no-brainer—but districts haven’t moved en masse to virtual servers. Why not?
Districts are rightly reluctant to hand over data to any third party. They’re like the parent who’s hesitant to hand over their baby on the first day of daycare. It takes a leap of faith.
In addition, many districts have a significant investment in servers and supporting infrastructure. It’s hard to walk away from that, or consider another investment in storage on top of that.
Institutional memory might be another reason. It wasn’t too long ago when people were doubting the cloud’s ability to keep data secure.
Now, for the counterarguments.
As far as security goes, the pace of security improvements to cloud-stored data has outpaced security patches and improvements for servers and drives.
Furthermore, the issues with servers and infrastructure haven’t gone away; if anything, they’ve become more disconcerting.
For instance, more severe weather events, like hurricanes and tornadoes, with protracted power outages threaten data stored on servers in basements (which are susceptible to flooding) without adequate power-supply backups.
Go in Depth: Is Your District Disaster-Ready?
Staffing issues have also hit many districts’ IT departments hard, as developers, programmers, and cybersecurity experts leave for more lucrative remote-work jobs in the private sector.
Bad actors are even able to intercept data stored in remote servers before it is encrypted, so the only option districts are left with is to pay the ransom.
Finally, onsite servers and drives need to be constantly updated to the latest operating systems and malware blockers, and some districts simply lack the money, time, and manpower to keep up.
Best Practices for Cloud (And Non-Cloud) StorageRegardless of your storage method, reevaluating your storage practices is always a good idea.
One basic step security experts recommend is looking at how your organization stores and backs up data.
Specifically, you should be storing data in multiple locations according to the “3-2-1 rule”: Keep three copies of your data—one primary and two backups. Keep that data on two different media types. Store one copy off-site.
Want to improve your chances of data recovery after a cyberattack? Move to a 3-2-2 model, and keep two copies offsite. Whichever model you choose, it’s a good idea to store at least one of your recovery copies in the cloud.
Security pros recommend a practice called air gapping, which stores a copy of the district’s data offline away from any internet access. This eliminates hackers’ opportunity to intercept data on its way to remote servers for cloud storage.
Cloud-Storage Shopping TipsIf you are looking at cloud storage for your district, consider these tips as you shop.
You get what you pay for. Round-the-clock monitoring, daily backups, and a locked-down approach to security will cost more, but the cost will likely be less than the cost of having that level of security in your own data center. And because you’re only paying for the storage you use, scaling up or down is easy and economical.
Garbage in, garbage in the cloud. The effectiveness of cloud storage depends to an extent on the state of your data. If your data is poorly organized and lives in multiple locations in multiple formats, you could just be importing your problems to the cloud.
Ask how your data will get to the cloud. The best vendors have the best onboarding programs and data-transfer protocols. Again, you get what you pay for.
Talk about data recovery. Good cloud-hosting services have staff trained in data restoration that can help you get up and running quickly in the event of an attack or catastrophic data loss. What’s the value of that? If you never experience data loss, not much. If you do… it’s priceless.
Just to put a bow on everything, remember that moving to the cloud does not mean you can be cavalier about cyberattacks.
Preventive measures are always a good idea, such as holding disaster-recovery simulations, phishing drills, and educational seminars, implementing dual-factor authentication, and reviewing who has access to data.
All things considered, moving to cloud storage might be one of the easiest, best things you can do to protect your data. If you haven’t investigated it before, there’s no time to lose.
Either way, the cybercriminals are paying attention.
Follow-up resource: Get ahead of the cybercriminals.Learn why planning ahead can save big bucks in The Cost of Proactive vs. Reactive Data Security.
|Casey Thompson Web & Digital Media Manager|