Is Your Cloud Safe From Ransomware?
By Sheila LaharCompanies move to the cloud for various reasons – some looking for lower costs; others are looking for ease of administration and better collaboration tools. Switching to the cloud also opens up a whole new set of questions with regards to security and compliance. You should always be asking, “How will I know our data is safe?” or “Are we able to remain compliant with regulations if we adopt this tool?”
SaaS vendors make the argument that they are following strict security guidelines and take your company’s data protection seriously. For example, Google has gone to extraordinary lengths to provide Google Apps administrators with the tools to manage risks in their environment. Admins can require dual-factor authentication, force HTTPS, and data is encrypted at rest. While there are certain risks with storing data in the cloud, companies benefit from using a (cloud file) solution such as Google Drive because it creates a second copy of local data and stores it easily in the cloud. Data in Google Drive is more accessible and therefore more useful. It can also serve as a backup. But wait, is this really a backup?
Let’s look at the recent example of the CryptoLocker virus, ransomware that afflicts Windows machines by encrypting local files using RSA-2048 bit keys and demands payments of hundreds of dollars through prepayment services such as MoneyPak or the equivalent in Bitcoin. PCWorld reported that it has brought in an estimated $30 million in payments – check out the article.
For many, paying a ransom is a better alternative than data loss. But is it the only alternative?
You’re backing your important files up to Google Drive, right? Everything is there, right? Think again. If you’re infected with CryptoLocker, the files on your local hard drive will be held at ransom (by encryption) and guess what, the copy that you have in Google Drive was overwritten when your computer synced. Your “backup” is also now held at ransom. Is that it, is everything lost?
The CryptoLocker virus is an example of the need for cloud-to-cloud backup. Cloud-to-cloud backup solutions offer a secure, second copy of your data. In the Google Drive example above, users would be able to sleep better at night knowing that their Google Drive documents are versioned. With cloud-to-cloud backup, all prior versions, a.k.a the unencrypted/non-ransomed version of each file is safely stored and can be accessed at any time. These solutions protect the files that you store in the cloud from malware such as CryptoLocker in addition to other potential risks such as accidental deletion or corruption Backupify protects the files that you store in the cloud from malware such as CryptoLocker and other risks such as accidental deletion or corruption. It’s better to be safe than sorry! (Just ask the victims of CryptoLocker.)