There’s no Crying in Baseball, or Cloud Security

cloud-security

Cybersecurity is topping the roster as one of the biggest business concerns for enterprises, with a batting average of 117,339 security incidents per day detected in 2014. According to a Global State of Information Security Survey 2015 conducted by PricewaterhouseCoopers (PwC), the annual number of global security threats last year grew to 42.8 million, up 48% from 2013.

Corporate enterprises aren’t the only organizations with Internet and cloud security concerns; now Major League Baseball has been pitched a curve ball with the allegations that St. Louis Cardinals’ front office personnel illegally hacked into the Houston Astros’ databases. According to the Astros, their central database, coined “Ground Control,” was breached several times in 2014, with one breach originating in Jupiter, Fla., where the Astros conduct their spring training, in a home leased by members of the Cardinals’ baseball operations staff. The FBI is investigating the hacking and it is rumored that a previous Cardinals employee, who now works for the Astros, played a double header by using the same password for both teams’ databases.

With the most frequent source of data breaches coming from within organizations’ own infields, it is no surprise that the Astros got caught looking when their database was being hacked. PwC reports that the number of hacking incidents attributed to former employees rose from 27% to 30% between 2013 and 2014. So much for the home field advantage.

Proprietary databases with player trade information, statistics and scouting reports are high-value assets in major league sports. Franchises that use the public Internet to access these databases are getting themselves in a real jam. Managing security risk in the interconnected era can be a big money ball ̶ Gartner predicts that IT security spending will reach $76.9 billion in 2015.

Cloud security has long gotten a bad rap from its literal connection to the public Internet. Attackers and their pinch-hitting robots pepper the Internet daily with attempts to find a sweet spot to slip in a backdoor slider that could have catastrophic effect on any website and its customers. In 2014, the Heartbleed encryption bug affected about 17% of the Internet’s secure Web servers, making stolen encryption keys and passwords – even those protected with SSL/TLS encryption – more common than stolen bases, and impacting companies including Amazon, Pinterest, Airbnb and WordPress.

So all the bases need to be covered when it comes to corporate security ̶ the price is too high. In the PwC survey, large businesses reported an average $5.9 million in financial losses in 2014 due to security incidents.

To keep cybersecurity hackers from making a bang-bang play on your cloud infrastructure, here are some surefire cloud security home runs:

  • Establish data centers within colocation facilities with dense ecosystems of network and cloud providers and private interconnections where you can improve resiliency via bypassing the public Internet and leverage direct, secure connections to multiple cloud providers.
  • Deploy distributed and interconnected IT infrastructures out to the edge of your corporate network and the Internet, and implement security services closer to users and clouds that all reside in the same data center facility.
  • Store and protect data where it is originated for data residency and compliance, and replicate database and disaster recovery applications in the cloud for accessing that secure data.
  • Look closely at whether you can benefit from using any security features offered by your cloud service providers.
  • Encrypt sensitive data at-rest and in-transit, whether or not you are obliged to by law, since a time may come in the future when you will need to.