The public cloud brings a lot of benefits, but not without serious security risks. This is despite major investments and advancements in making public cloud offerings more secure. AWS, Azure and Google, specifically, continue to deliver new capabilities to increase the security of their services. However, such features must be properly implemented, human processes must be refined, and threats are unrelenting. For companies that store sensitive data, this reality cannot be ignored.
Research reveals threats lurking in public cloud environments
Many organizations mistakenly assume that cloud providers simply take care of data security measures. In actuality, the customer must embrace an active role. Even for IT teams that fully realize their responsibility, there’s often confusion about what exactly needs to be done to secure a public cloud deployment. On the to-do list is managing user identities and roles, assigning and periodically rotating keys, properly managing access control to bucket/object data and so on.
Because AWS S3 is such a massively popular storage service, it receives a high amount of attention in the security area. Research has found that by leveraging Amazon S3 buckets as a new attack surface and using targeted attack vectors, malicious actors can not only steal your data, but also hold it for ransom.
A recent report by one security firm uncovered that nearly all businesses have identities that leave most (90%+) of their Amazon S3 buckets vulnerable to ransomware. That’s largely due to a “toxic combination of overprivileged identities and poorly configured environments.” The sobering report concluded that it’s not a matter of “if” but “when” a massive ransomware attack on the AWS cloud platform would occur.
This fact leaves many IT teams facing a conundrum: You need the flexibility and the scalability that the public cloud provides, but you must also ensure your highly sensitive data is protected, especially as the risks rise.
Is it possible to have the best of both worlds? Absolutely.
Rising ransomware attacks put data at risk
You can barely go a day without seeing reports of high-profile ransomware attacks in the news — they’re hitting businesses, large and small, in every industry. What’s more, ransomware attacks and data breaches are getting more expensive in every sense.
Here are just a handful of recent stats that underscore this point.
- At least 75% of IT organizations will face one or more attacks by 2025, according to Gartner.
- Average data breach costs rose from $3.86 to $4.24 million in 2021 — the highest average cost in 17 years.
- Ransomware is predicted to cost its victims over $265 billion annually by 2031.
- In 2021, the average downtime for a company after an attack is 23 days — up 10% from the year prior.
- A single hour of downtime costs $300,000 or more for 91% of mid-sized and large enterprises.
Ransomware is an inevitability at this point, but data loss doesn’t have to be.
Reaping the benefits of public cloud without the drawbacks
Yes, the public cloud offers a lot in the way of scalability, on-demand agility and rich feature sets. But it can also be expensive. Case in point: Across 50 of the top public software companies currently using cloud infrastructure, an estimated $100B of market value is lost due to cloud impact on margins, relative to running the infrastructure themselves.
Also, what you gain in convenience, you lose in terms of control over your own security policies and procedures — not to mention your data sovereignty. What if there was a solution that brought all the advantages of the public cloud to your data center? This is the promise of unbreakable cloud storage for data centers. It’s essentially your own private cloud storage service.
How unbreakable cloud storage bulletproofs your data against ransomware
Scality unbreakable cloud storage unites the aforementioned benefits of the public cloud with ease of use, bulletproof ransomware protection and zero data loss—all at up to 80% less cost than traditional or public cloud storage.
What makes it inherently more secure than the public cloud? Scality is typically deployed in a data center behind other security layers and services, including secure firewalls, network security, application servers (which also provide authentication and access control at this layer), and, ultimately, the data storage. As part of an overall, comprehensive security and ransomware protection infrastructure within the data center, it’s fundamentally more controlled and, hence, secure than a storage service exposed directly on the public internet.
An on-premises, immutable data vault
There’s a level of security and privacy that only an on-premises environment can provide. With Scality, you get that full autonomy over your security and data access policies, plus AWS-compatible S3 storage that supports data immutability.
Data immutability via S3 object lock ensures your data will be stored and protected in original form. By partnering with Veeam, we ensure that Scality RING and ARTESCA solutions provide for truly air-gapped, tamper-proof backup data that stays immune to ransomware — offering a robust and quick recovery path in the event you are attacked.
Improved control of identities and access
As mentioned earlier, one of the biggest issues contributing to S3 bucket insecurities has to do with identities and permissions — in other words, access control. With the right implementation of object storage, however, key-based protocols can help ensure only authorized users can access data. You can set granular access control so that administrators can deny/allow access to certain data — for specific users or groups of users — and even disallow writes (to overwrite data) or deletes entirely. This capability provides a higher degree of protection against attack threats.
On-prem cloud storage creates a win-win situation
Ransomware isn’t going away. And rising cloud adoption is one of the top issues currently driving security investments. Fortunately, there’s now a better way to grapple with these challenges thanks to on-prem cloud storage.
To learn more about how organizations like the National Library of Scotland are benefitting from the ransomware protection unbreakable cloud storage provides, go here. And don’t just take it from us — here’s what analysts at Gartner and IDC are saying.