From Kaseya to Solarwinds to TeamViewer, it’s not news that the risk of cyberattacks in the networked world is growing. What is new, however, is that more and more enterprise software cloud providers are becoming the focus of cybercriminals. Read the following post to learn how you can reduce the risk of cloud attacks.
Once a virus is in the cloud, it’s often already too late. The loss of sensitive data or company secrets as well as blackmail with ransom demands can be unpleasant consequences. And not just for a company. Via the interfaces of the cloud, the virus spreads quickly to other companies and, in an emergency, can affect entire supply chains. So the question arises as to how the risk of hacker attacks on cloud providers can be reduced.
Globalization, division of labor, dependency
The Corona pandemic has shown us that the globalization of the world does not only bring advantages. It was the interconnectedness of countries and people that allowed the virus to spread so quickly to so many countries around the world. But there are also disadvantages in addition to the health crisis. German companies are increasingly noticing how dependent they are on the functioning of international supply chains. If Corona breaks out in a Chinese components plant or the shipping lane is blocked due to an accident, German companies may stop production due to a lack of components.
The cloud – a blessing?
This dependency can also be related to technical infrastructures. Nowadays, there are hardly any programs that work offline without an Internet connection. More and more companies are using IT cloud software from international providers. In the field of IT, this allows all networked computers and systems to be monitored, managed, controlled, and maintained from a central location. All possible through interfaces to and through the cloud.
By using cloud software, companies do not have to build their own and expensive IT infrastructure on-site. Since the cloud provider provides all necessary resources, companies can access necessary data and services via an internet connection. This type of data storage is therefore often cheaper for companies, as the cloud does not require maintenance and updates, unlike self-hosted servers. There are virtually no maintenance costs, as much of the updating and upgrading is done on the cloud server. Another advantage of cloud computing is that data stored in the cloud can be easily accessed from anywhere there is an Internet connection.
However, networking through the cloud also carries a great deal of risk.
The cloud – a curse?
The connection between programs and the Internet means new gateways through which hackers can smuggle malware into the system. After successful infection and the blocking of computers and processes, entire production landscapes can be brought to a standstill, which in turn would have a major impact on international economic cycles.
When a cyberattack occurs via a cloud provider, there is immediately a high number of affected companies. Thus, a company does not have to be attacked immediately and the malware can quickly spread to countless partner companies via interfaces in the cloud.
The cloud as a multiplier
This year’s hacker attacks on Kaseya and SolarWinds show that this scenario is not an unlikely vision of the future. Both companies offer IT software via a cloud, and both were attacked and hacked via their clouds. The impact: countless affected customers in several countries. Hackers often blackmail companies into paying high ransom demands by blocking systems. The business is quite lucrative: the world’s largest meat company, JBS, has reportedly paid a whole eleven million dollars in ransom to cybercriminals in order to regain access to internal data.
Cloud password manager
Many password managers on the market are also operated via cloud services. A successful cyberattack on such a password management cloud provider would be a disaster for companies, as personal data and operational secrets could fall into the hands of cybercriminals.
Similarly, with cloud providers, there is often the problem that it is not apparent where information such as access data and passwords are stored. If the password manager is from an American corporation, the information is often hosted on servers there as well. This can be critical with regard to European data protection law. Because then the American Secret Service can also access the personal data – and even without a court order.
How can companies protect themselves against this?
Goodbye cloud – welcome back on-premises?
For greater security, it may be worth taking a step back into the past, when not all systems were networked via the Internet. At least this way, there is no longer the risk of indirectly becoming the target of a hacker attack via networking in the cloud with other companies.
One option could be to rely on self-hosted solutions for specific systems that protect very sensitive data. Self-hosted means that the customer looks after the IT infrastructure itself, on its own servers on site or in the public or private cloud. On-premises is the name given to a licensing model for software when the software is only operated on the company’s own network. All data is therefore physically stored only on the company’s own data centers.
On-premises solutions have the advantage that sensitive data such as access data and passwords are only hosted locally on the company’s own servers and are therefore more secure against cyberattacks on cloud providers.
Password Safe Self-Hosted
Password Safe password manager is a self-hosted software solution. This means Password Safe is provided on in-house servers, all information remains offline in the company. Customers thus retain full data control. Since the data is automatically stored only on the company’s own servers in the country in which the company operates, the storage of personal data is DSGVO-compliant.
Password Safe: work securely with certainty
The combination of the Password Safe web and app connection allows employees to securely access their data from anywhere: whether in the office with the web version or from a business trip with the free app. This makes working across locations effective and secure.
Because the risk of cyberattacks can only be reduced if all company access points are protected by long, unique, and complex passwords. With Password Safe, employees can easily create complex and unique passwords for all accounts and accesses. They don’t have to remember these passwords because they are stored securely in Password Safe. This way, employees can log in with one click, create secure passwords using the password generator and share passwords with colleagues quickly and secretly.
Password Safe MSP
Especially for smaller companies with few employees, self-hosted software solutions are difficult to implement due to the high acquisition and maintenance costs. However, so that SMEs can also secure their access and passwords with Password Safe – without being attacked by large cloud providers, there is Password Safe MSP. Password Safe is provided and maintained by certified partners in companies. The data is hosted in secure data centers in the DACH region.
Curious about Password Safe as a self-hosted solution? Then read our last blog article on the subject here.
You don’t know whether Password Safe Self Hosting or MSP suits your company better? Then read our latest white paper on the topic here for free!