The use of cloud storage has been rapidly increasing these past few years. The reason is that it brings many benefits to businesses in terms of productivity and flexibility.
However, old fears are still present. Small- to medium-sized businesses (SMBs) are concerned about keeping their data in the cloud. But why? And what can they do about it?
1. Trusting third-parties with sensitive data is hard
Thanks to the cloud, sharing data among teams is now much easier. This is a huge benefit for organisations but this is also the reason why they are worried about how easy it might be for unauthorised and malicious people to access their data.
The thing is, nowadays, businesses have to use the cloud. Organisations that won’t take advantage of its benefits are eventually shooting themselves in the productivity foot.
According to recent research from IS Decisions, SMBs believe that cloud storage is not as safe as on-premises. They then decide to use the hybrid approach (mix of on-premise and cloud storage), which can be the cause of many headaches for IT teams when it comes to managing the security across multiple environments.
2. Compliance with regulation is harder
Compliance with regulation becomes much harder when data is stored in the cloud. Despite the efforts made by the massive cloud storage platforms to ensure compliance with major regulations (like HIPAA, FISMA, ISO 27001 and many others), the concerns exist because there’s still a chance of data being intercepted or modified by people that are not authorised to do so.
A number of questions still exist — who is going to look after my data? Who is going to be able to see it? Is it going to be the people that manage the infrastructure for us? Is it going to be internal and external people? Is our data in a public cloud going to be segregated from data belonging to other organisations?
3. Stealing data is easier for leaving employees
With on-premise storage, the fact that you have to be physically in the office to access the data creates a natural boundary against unauthorised access. Also, native security permits only approve access for specific users within the organisation.
However, with data stored in the cloud, data can be accessed using any device and from anywhere in the world. The need to be physically present in the office is now eliminated making it much easier for leaving employees to steal information before they go.
The mentality around cloud storage is hurting data security
Cloud storage security is also affected by some human risks. The current mentality regarding cloud storage does not help ensuring security.
Almost 50 per cent of SMBs consider their own data to be more important than their clients’ data. Organisations and supply chains are more and more collaborating which means that almost every business that is connected to the internet stores client data on their systems.
How would you feel knowing that the security of your data is managed by one of your suppliers who thinks it’s less sensitive than you do?
49 per cent of SMBs believe that the native security of cloud storage providers is not strong enough to ensure data protection. And, what are businesses doing about it? Well, not much. 80 per cent only rely on the native security of their cloud storage provider, despite thinking that its security isn’t strong enough. Only 10 per cent are using a third-party cloud file monitoring tool to detect suspicious behaviour and prevent unauthorised access.
All of this is driving bad security results.
29 per cent said that they suffered a breach of files or folders since they moved to the cloud for storage. Even more worrying, 15 per cent said it would take several weeks before they would find out whether unauthorised access took place or not.
This is pretty serious. The more time you give a hacker to look around your systems, the more leverage he can gain over your company.
How can SMBs address these concerns?
SMBs operating in a hybrid environment need to ensure their data is protected both on-premises and in the cloud.
There is an effective way to do so. SMBs need to invest in technology that proactively tracks, audits and reports on all access to files and folders — no matter where it resides. The best way is to invest in a solution that can alert you in real-time and alert IT teams about suspicious file activity the moment it occurs.
It’s crucial to have a solution in place that gives you a consistent and unique view of the security of your data across all your storage servers (whether on-premises or on a third-party cloud system). It means that you’ll be the first to know if someone other than an authorised employee tries to access your data and therefore you’ll be able to react quickly.
Visibility is the key.
François Amigorena, founder and CEO, IS Decisions