The world after WannaCry ransomware attack: Is the Cloud secure enough for your data?

With the most recent WannaCry ransomware attack on more than 99 countries with thousands of locked down machines globally, many organisations are asking if their data is more or less secure in the Cloud?

It’s a valid question and I personally never try to supress or trivialise clients concerns even if the concern seemed unwarranted or doesn’t have factual basis. On the contrary, I felt that my clients concern about how secure their data in the cloud is very relevant and requires addressing.

If we look at the WannaCry ransomware attack on the UK National Health Services (NHS), you will find that most computers affected where machines running old versions of Microsoft Windows, namely Windows XP and some Windows 7 ones. First question that comes to mind is why these machines were not upgraded especially that Microsoft offers significant discounts to the UK public sector organisations. But then to answer this question, we have to go into the politics of the UK government and its spending approach, which is something we won’t cover as I never talk politics on my blog.

However, the effect of the WannaCry ransomware attack, has meant that data stored on computers were lost. These could be some simple working files of no significant values but I am sure there were some computers that had information and files of considerable value and only stored on these computers. Now imagine if every one of these machines had a Microsoft OneDrive for Business account (or equivalent cloud storage) where all files stored on the computer were copied instantly to the cloud. In this case, the loss would have been probably nil. The cost of a OneDrive for Business account for a Public or Government organisation is next to nothing (~£1/month). With a copy of all your files are in the cloud, so whether it is a hack, ransomware attach or simply a hardware malfunction, you will always have your files in the cloud.

This is a simple example but explains to the regular non-Techie reader how the cloud could have helped in this case.

Another example to show the power of the cloud. For any organisation to setup an adequate backup services, disaster recovery and a complete data centre with appropriate data security and unauthorised access protections, it will cost them a lot. It will vary depending on the size of the organisation but for a medium to large organisation, the cost can easily reach the millions of pounds. Now compare that to the assurance and reliability as well as the cost reduction and savings a public cloud offering can deliver to this organisation because of the economies of scale. You will find that organisations are not only saving money, but they are “outsourcing” their data centre to a Cloud Provider, such as Microsoft’s Azure Cloud. In this case, organisations do not have to worry about penetration testing, unauthorised data access precautions or complex data centre security measures, over and above the standard security measures applied by all organisations.

So to summarise, my view is that having your organisation in the cloud will save you money and save you a headache of security your data centre from various data security threats by “outsourcing” these responsibilities to your reliable provider who is investing millions to secure their massive Cloud and applying security measures that many organisations cannot afford or would not be able to undertake.