Virtualization Technology News and Information
Top 5 Risks on the Cloud to Confidential Data

Data is everything. All of our data, both personal and professional, needs to be stored safely. The cloud is an increasingly popular option for data storage, due to its shareability and relatively high security. In fact, as of 2022, the cloud contains over 60% of all corporate data!

But no data storage method is without risk. As cloud usage grows, so does cloud-based cybercrime. A report by Check Point and Cybersecurity Insiders found that 27% of organizations had experienced a cloud security incident - an increase of 10% compared to last year.

Read on to learn about the top 5 risks on the cloud to confidential data and, more importantly, how to protect against them.


Why you should use the cloud for data storage

The cloud refers to any software or services that run via the Internet instead of on a local device like your phone or computer. For example, instead of using your cell phone to make a business call, you can make calls over the internet using technology like enterprise VoIP. But you may still find that a call keeps dropping, just as can happen when making a call on your cell phone.

The cloud frees up processing power on your device and allows you to access the same data from literally any device, as long as it is connected to the cloud.

Google Drive, Dropbox, and Microsoft OneDrive are all cloud-based software with millions of users. These file storage apps are what most people think of when you mention the cloud. Files make up a portion of the cloud's content but for this article, we'll mainly be focusing on databases.

Companies often consult external data processing SaaS businesses to help manage data storage. This includes platforms like Snowflake, Hadoop, and Amazon Web Services (AWS). For example, Hadoop uses multiple nodes to break down big data jobs into smaller workloads.

The importance of data confidentiality

People have a right to privacy which extends to their information. Personally identifiable information (PII) includes someone's phone number, email, and home address, just to name a few examples. You may choose to give that information out to friends or colleagues but that doesn't mean you want it to be accessible to anyone in the entire world with an internet connection.

Having access to someone's PII basically means you have access to that person's resources. It can be misused in identity fraud or sold on to other parties. For example, services similar to DocuSign require the user's signature. As a signature is shared across all of an individual's legal documents, it can cause a lot of damage in the wrong hands.


Payment card industry (PCI) data is another set of information that needs to be kept confidential. A data breach of credit card details opens the doors for thousands of dollars in fraudulent transactions. Any gaps in security around confidential PII or PCI puts your customers at risk.

When dealing with confidential data on the cloud it is essential to check data protection and privacy laws in your region. For example, any business operating in the UK or EU must comply with GDPR (General Data Protection Regulation). In these cases breaching data confidentiality can result in both professional and legal consequences.

Data security needs to be considered at all times, even when doing business that doesn't typically come to mind when you think of ‘data'. Whether it's a top email service or a Microsoft contact center, these providers will all have measures in place to keep your data safe. Your own company is no different!

Both you (the company using the cloud service) and the cloud service provider are responsible for data confidentiality and data access governance. The most secure strategies for data protection on the cloud include measures from both parties, so keep that in mind when putting a plan together.

Top 5 risks on the cloud to confidential data

1.    Denial of Service attacks

Denial of Service (DoS) attacks flood a cloud service with spam requests so it becomes unusable for actual customers. The basic aim is to reach the limit of the servers' CPU, RAM and bandwidth capacity which completely overwhelms the service.

These attacks are known as Distributed Denial of Service (DDoS) attacks when the perpetrator uses multiple sources to attack the same service. Distributed attacks often cause even more disruption because of how it comes through several channels.

DoS attacks can strike at different levels of the network or servers: the infrastructure layer and the application layer. Infrastructure attacks are the most common type - they're big, have easily detectable signatures, and just try to overwhelm the network with floods of data.

Application layer attacks focus on smaller targets, typically the most expensive or difficult-to-repair parts of the software. Common targets are login pages or search engines.

Both infrastructure layer and application layer DoS attacks can cause huge amounts of financial damage. You or your company will have to shell out for the extra processing power used by the servers during the attack, which won't be cheap!


How to prevent it:

DoS attacks are characterized by sudden huge increases in online traffic. Keep track of what that server's ‘normal' traffic is so that any irregular spikes are quickly noticed.

You can also put protocols in place that make it easier to handle these traffic increases. A server's capacity can be increased by using certain network interfaces or adding load balancers.

Load balancers automatically scale to accommodate the extra traffic if a DoS attack takes place. Think of it as the data cloud version of when you want to park calls in a customer service office - a way to manage when demand overtakes capacity.

2.    Data loss

Many of the risks in this article come from deliberate attacks by cybercriminals. However, sometimes confidential data is simply lost by accident. Hardware failures or freak accidents (eg. fire, flooding) can be just as damaging as a planned attack.

How to prevent it:

The cloud is resistant to local, device-based data loss because the same data can be accessed by multiple devices. What you need to watch out for is damage to the central cloud servers! It is essential to regularly backup all stored data to off-site servers (while still complying with any regional data protection laws).

3.    Malware

Malware is a fairly broad umbrella term that includes any software designed to disrupt or damage a computer system. It usually gets into your system by accident - clicking on infected links or malicious adverts can open your computer up to malware.

Malware is often well-hidden so that it appears authentic. Transactional emails from businesses are an everyday occurence in our inbox, but make sure it's the real deal before clicking any links.

Cloud-based storage services are often targeted by ransomware, specifically. This type of malware encrypts the stored data and holds it until the ransom money is paid by the company. The more confidential the data, the more money it can be sold for.

How to prevent it:

Training employees to spot fraudulent ads or links is the biggest step a company can take against malware attacks. Don't trust emails that come from outside the company or from anyone with an untrustworthy email domain.

It is worth installing some antivirus software on both company devices and the cloud system. There are dozens of options out there, but all of them will alert you if any malware threats are detected.


4.    Compromised accounts

One of the biggest ways that criminals access confidential data is by pretending to be someone who has legitimate access to it. Scams such as phishing directly steal a customer's information (for example their password) and leak data via that individual's account.

Accounts can also become compromised if a customer accidentally reveals security information or uses security answers that are easy to guess.

How to prevent it:

User Entity Behavior Analytics (UEBA) is the science behind spotting abnormal behavior on customer accounts. If an account that only accesses small amounts of data a few times a month suddenly triggers a huge traffic spike, it could indicate a compromised account.

This means you may be able to spot that an account has been hijacked before any major data breach happens.

Users should also be very cautious about revealing information that hints at their password or security answers. Social media games that ask for your pet's name, for example, pose a big risk here. Finally, two-stage user authentication stops accounts from being compromised with just one piece of security information, as both email access and the correct mobile device are required.

Image sourced from

5.    Insider threats

The risks that we've talked about so far are mostly external - from cybercriminals who weasel their way into the cloud through malware or stolen identities. Unfortunately confidential data is also at risk from insider attacks.

Insiders can be any current or former employee that has some level of legitimate access to confidential data or your cloud mainframe. They can also be people who work with the company as a third party, such as influencers within the affiliate marketing business. They then abuse this position by deleting or sharing sensitive data outside the secure network.

How to prevent it:

Access to confidential data should be granted on a strictly ‘need to know' basis. Fewer people with access means fewer potential sources for insider attacks! 

When sensitive data is involved, avoid things like phone forwarding or CC'ing emails to other employees unless it is absolutely necessary and fully secure.


Cloud technology has revolutionized the way that we store and access data. As this software has developed and more companies have embarked on cloud infrastructure modernization, so have the methods of cybercriminals. Fortunately, you now know the top 5 risks on the cloud to data confidentiality:

  • (Distributed) Denial of Service Attacks
  • Data loss
  • Malware
  • Compromised accounts
  • Insider threats

Protecting against all these different types of attacks can seem like an impossible task at first. There is, however, a shortlist of preventative measures that you can take to protect confidential data stored on the cloud:

  • Backup data to secure off-site servers
  • Employ load balancers to accommodate traffic surges from DoS attacks
  • Avoid clicking on any links or online adverts that you don't trust
  • Install antivirus and anti-malware software
  • Use multi-stage user authentication



Richard Conn - Senior Director, Demand Generation, 8x8

Richard Conn 

Richard Conn is the Senior Director for Demand Generation at 8x8, a leading communication platform with integrated contact center, voice, video, and chat functionality. Richard is an analytical & results-driven digital marketing leader with a track record of achieving major ROI improvements in fast-paced, competitive B2B environments. Check out his LinkedIn.
Published Monday, February 20, 2023 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<February 2023>