By François Amigorena, CEO and founder, IS Decisions
Cloud storage brings so many benefits in terms of productivity and flexibility that it becomes almost impossible for organizations not to use it. However, it is also risky to trust a third party with your sensitive information, you lose visibility and control over it.
Recent research found that 61% of SMBs are concerned about their data being unsafe in the cloud. What are the risks? And what can they do about it?
Why is cloud storage risky?
With cloud storage, data can be accessed from anywhere in the world using any device. Knowing that detecting unauthorized access becomes really difficult. When your data is stored on-premise there is a natural boundary against unauthorized access: the need to be physically present in the office to access the files and folders. Even with remote employees or partners using VPN, access can be restricted to specific devices only.
Furthermore, spotting data theft from employees leaving the business becomes equally difficult. When your data is stored on the physical desktop computer it is much easier to spot suspicious activity. With cloud storage, it is almost too easy for leaving employees to steal files before they go.
Finally, a hybrid storage environment can be complex. To increase productivity, organizations are using a mixture of on-premise and cloud storage. However, managing the security of the data stored across multiple environments becomes very challenging.
56% of SMBs say that it’s difficult managing the security of data living in hybrid infrastructures.
What are the consequences?
The consequences of those risks are bad security decisions. A majority of SMBs believe cloud storage is not secure, but they’re not doing anything about it.
Actually, half of SMBs think the native security of their current cloud provider is not strong enough to keep their data safe but 80% are simply relying on it to monitor access.
Of those, 42% monitor access manually every day. This is an incredibly time-consuming and complex task, and it’s prone to human error.
38% monitor access on an ad hoc basis. It is obviously less time-consuming but an attack can be missed or you can find out about it too late.
But, what’s even more worrying is that 9% don’t monitor access at all. When a breach will inevitably happen, the identification of the source will be incredibly difficult.
Knowing all of the above, it’s no wonder that 21% keep their most sensitive data stored on on-premises infrastructures.
The fact that they’ve decided to neglect cloud security means that they consider the data stored in the cloud as ‘not sensitive’ and at high risk.
How can SMBs secure their data in the cloud?
SMBs need to be able to secure their data in the cloud. The most effective way to do so is to use technology that can proactively track, audit and report on all access to files and folders. It also needs to be able to alert you in real-time on any suspicious file activity.
67% of SMBs say that receiving alerts for unauthorized or suspicious access to sensitive data stored in the cloud would be extremely useful.
The easiest way to secure your data is to have a solution in place that can give you a single consistent view of the security of your data across all your storage servers (whether on-premises or on a cloud system). Like that, you’ll be the first to know if someone other than an authorized employee tries to access your data, and you’ll be able to react quickly avoiding any damage.
About the Author
François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues. IS Decision is a provider of infrastructure and security management software solutions for Microsoft Windows and Active Directory. The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations. Its customers include the FBI, the US Air Force, the United Nations and Barclays — each of which rely on IS Decisions to prevent security breaches; ensure compliance with major regulations; such as SOX and FISMA; quickly respond to IT emergencies, and save time and money for the IT department.