There’s no doubt cloud providers have stepped up their game significantly when it comes to protecting data, but when it comes to ransomware attacks, the cloud still isn’t the perfect way to hide from determined potential cybercriminals.
As Rob Shapland, a web security specialist, summed the facts up in a recent commentary, “even if all your data is stored in the cloud, it is not entirely safe, and it still needs some sort of ransomware defense.”
For one thing, he says, it’s a challenge to figure out the intricacies of the “shared responsibility model” under which, for example, a cloud provider may be responsible for the physical security of the servers, the hardware, and the host operating system and virtualization, but anything installed onto the hardware by the customer will be the customer's responsibility. “This means all the software and data is managed by the customer and, therefore, if the data is encrypted by a ransomware attack, it is the customer's responsibility to restore it”
Due to that shared responsibility model, Shapland says “the same principles of ransomware defense you would use if the servers were on premises need to be applied in the cloud.”
For starters, then, a regular backup process should be protected with multi-factor authentication.
Moreover, “patches should be applied to software using the same patch cycle your IT team uses for on-premises servers. Similarly, network security rules should be configured in the cloud to avoid exposing services that ransomware, such as WannaCry, can use to spread.”
In short, says Shapland, ransomware defense for cloud services should be treated the same as on-premises defense. “Using the same fundamental security processes as for on-premises data, and using a defense-in-depth approach with technical controls, combined with robust processes and regular staff training on cybersecurity, is the best approach to prevent your cloud data from being compromised.”