It seems like every week we hear about another security breach at a major company: Apple, Target, Home Depot, TJ Maxx, etc. With more and more of our personal data being stored in cloud databases, how vulnerable is our personal information? And how worried should we be about our students’ information in our Student Information System and Financial Aid systems? The short answer is, it depends on your cloud provider. When set up properly, cloud systems can be more secure than your PC at work or at home.
Let’s look at how these big breaches have occurred. Naughty pics of celebrities were taken on their iPhones and uploaded to Apple’s iCloud. Apple’s database didn’t have a weakness; the celebrities’ passwords did. They were too easy to guess, and they were the same as on other applications that may have had weaker security. So use strong passwords with at least 8 characters, with a combination of upper case and lower case letters, numbers, and special characters. Don’t use the same password for everything. Yes, it’s hard to remember a lot of different passwords. The solution is to have a password manager application which stores your passwords to different websites. There are several good ones that will work on any of your devices: KeePass, LastPass, Keeper, etc.
The credit card breaches at Target and Home Depot were caused by hackers installing malicious software (malware) on the point-of-sale devices at the stores. The credit card numbers were siphoned off and sent to the hackers before they even reached the databases. Those companies should have locked down those devices so that no unauthorized software could be installed on them. TJ Maxx’s breach a few years ago was caused by an unsecured WiFi network connecting their point-of-sale devices with the store server, and the data being transmitted without encryption. What you can do is to make sure that your school’s IT department locks down your PCs and point-of-sale devices so that only System Administrators can install software on them. Also make sure that they secure any WiFi that is on your internal school network. Outside of your school, make sure that you have a firewall and antivirus application on your laptop, tablet, or phone if you use a public WiFi network (Starbucks, airports, etc.). There are some good free ones like Avast that will work on most devices. If you have WiFi at home, make sure it is secured with a strong password, and that you have changed the default password to log into the admin site on your router. Also, if your WiFi router is more than 2 years old, you should replace it with a new one that will have better data encryption over the air.
So let’s get back to the cloud. There have been relatively few incidents of hackers getting directly into the databases in the cloud. This has happened in a few cases of cloud providers that do not have enough restrictions on who can log into the servers, do not encrypt their databases, or do not have proper validations of the data input into fields on their web sites. These vulnerabilities may exist at smaller cloud providers, those who do not invest in data encryption software, or who do not use the best practices for web application development.
FAME takes data protection very seriously. We require strong passwords on our Advantage FinAid and Advantage SIS cloud (SaaS) applications, as well as on our internal corporate network. We restrict direct login access to our cloud servers to our Cloud Operations Team. We have dedicated database servers, not shared with other companies, so no unauthorized people can log into those servers. All data that is input into those applications is encrypted all the way from the browser to the database. We do not have any point-of-sale devices, so that type of breach couldn’t happen. We don’t have any WiFi on our internal network. We use BitDefender, a top-rated antivirus and firewall software, on all of our computers. We have invested in the best database encryption software in the industry. Our data is so secure that even if a hacker were to break into our cloud network and download a database, it would take them over 30 years to decrypt it.
To answer the original question, yes, your data is safe in the cloud if it is in FAME’s cloud.
By: Andy Wiener, CIO
Andy has over 30 years of experience in IT, Software Development, and Information Security. He holds CISSP and CISM security certifications. As CIO, Andy is responsible for the development and delivery of FAME products, both external and internal, and oversees FAME’s Development, IT, QA and Implementation teams. Prior to joining FAME, Andy held various executive and senior management positions including 15 years at Nortel, later moving on to be CTO and VP at several companies in South Florida.