Moving your data to the cloud? Lots of reasons to do it, but cybersecurity concerns remain

Joe Ohr Hs 1000x500 Headshot

I recently visited a less-than-truckload (LTL) carrier that was making a big move in the area of cybersecurity – and by that, I mean a literal move. Members of the carrier’s team were in a basement, moving information from the servers housed in this basement to cloud servers.

The thinking was not uncommon: once the data is no longer on-premises, there will be far less reason to be concerned about cybersecurity.

That is not precisely true. If all a carrier’s data is moved to the cloud, the imperative to think about cybersecurity will now evolve into different concerns. But the entire trucking industry needs to understand in no uncertain terms that if you have data, it must live somewhere, and someone is going to look for a way to compromise it.

A growing number of trucking companies are moving their data and technology to cloud-based operations, and there are good reasons to do so. It saves money on hardware and often eliminates the need to spend time and money on the implementation of locally based software since the programs are often available as cloud-based applications.

I believe strongly in the advantages the cloud offers for many trucking companies. It allows them to simplify their internal IT operations and bypass a great deal of work and expenses that could be deployed in better ways.

But the cloud is not without its downsides, and one of the biggest downsides is that companies who use it think they can be lax about cybersecurity. Newsflash: You can’t. Cybersecurity risks are just as real in the cloud as they are with your basement server, and in some cases the potential for loss with a cyberattack is even greater with the cloud.

These risks can be managed. But they cannot be ignored.

Cybersecurity vulnerabilities for cloud users usually start with cloud misconfigurations. Because cloud configurations are complicated by nature, with multiple storage buckets, it’s easy to overlook a subtle misalignment that can expose something to the internet when you thought it was secure.

Partner Insights
Information to advance your business from industry suppliers

This points to another issue with cloud security: The people who were experts at securing your basement server don’t necessarily have the same level of expertise when it comes to the cloud. You need to make sure the right people are managing your cloud environment.

Another potential vulnerability with the cloud involves Application Program Interfaces (APIs). Because APIs allow different kinds of programs to talk to each other and exchange data, an API breach is a cyberhacker’s gold mine. It can give hackers access to all the programs and users working through them, which becomes a nightmare for the target company when you realize how many parties and programs are involved with these exchanges. When all this is happening on the cloud, the exposure is potentially that much greater.

API security is critical, which is why NMFTA’s Digital LTL Council is working on a series of API standards for every phase in the life of a shipment. The cloud only makes the need that much more profound.

Another thing to keep in mind about moving your data to the cloud is that access to the data merely requires the proper credentials. Here is where many companies will insist confidently that their system is airtight. But many companies often make the mistake of over-credentialing people who don’t need nearly as much access as they’re given.

Most people only need minimal access to do their jobs. Very few need high-level administrative access. Yet most companies err on the side of broad access, figuring it’s important to trust their people, giving them access to everything they need to do their jobs and not inconveniencing them if it isn’t necessary.

That’s understandable to a point, but the fact is that security isn’t convenient. And it becomes an even bigger problem when people leave the organization and they’re not properly off-boarded. Do you know anyone who can still check the schedule of their former employer because no one bothered to terminate their system credentials? Now imagine if someone left the company, still had access to the cloud data, and was hostile.

These are all very real concerns with cloud data. So is the fact that, if cloud data were ever to be lost, the company would have no way to get it back unless it utilized a secure backup protocol. And if the backup isn’t on an offline storage mechanism that’s inaccessible to hackers, now the same old internal cybersecurity risks are back in full force.

Cloud systems have many advantages. The trucking industry is wise to take advantage of them. But they are not perfect, and they are not without their own vulnerabilities.

Learning to manage those issues effectively is the key to getting the most out of the cloud, without getting hit by the very kind of attack you went there to avoid.

Cloud security will be a recurring topic at the NMFTA Cybersecurity Conference that is set for October 27-29, 2024 in Cleveland, Ohio. Registration is open to carriers, shippers, third-party logistics providers, government, academia, and students.

Joe Ohr is Chief Operating Officer for the National Motor Freight Traffic Association (NMFTA). Ohr brings has more than 20 years experience in engineering product software, gained from roles at Omnitracs, Qualcomm, and Eaton.