Even though cloud computing is a term that’s been on everyone’s lips for a while now – and the popularity of the technology is only set to grow in the coming years – many businesses are still wary of moving their operations away from their on-premise solutions.
One of the most commonly-cited reasons for this is worries over the security of cloud tools. Recent figures from Databarracks reveal that 58 per cent of IT professionals see this as the biggest concern when moving data to the cloud. Six out of ten people added that strong security procedures and policies are the most important aspect they look for in a service provider.
But these fears are increasingly proven to be unfounded. This technology has been in the mainstream for a while now – and what many businesses find once they get up and running with the solutions is that the protections offered by cloud computing security are often more robust than those they had in place prior to the transition.
However, this does not mean that enterprises should be complacent. There are still pitfalls out there for the unwary business, so read on for our tips on the biggest threats facing cloud-based businesses and what they need to do to mitigate this.
A growing threat
Security provider McAfee Labs warned in its 2014 predictions for the security industry that the growing interest in cloud computing is set to open up new attack surfaces that criminals will be targeting. The company observed: «Cybercriminal gangs of the 21st century will target cloud-based applications and data repositories because that’s where the data is, or will be soon enough.»
Therefore, businesses will have to work hard to take full control of their data – and this means always knowing where it is and what protections are in place. At the moment, many businesses may be vulnerable because they do not have a coherent strategy for storing and sharing data.
In today’s environment, employees are increasingly demanding easier ways of communicating and collaborating with colleagues, as well as the ability to access business information wherever they are. And if firms do not provide tools for this, staff will take matters into their own hands.
McAfee’s study warned that more than 80 per cent of business users now take advantage of cloud-based applications without the knowledge or approval of IT. For many firms, this may mean sensitive data is being held on consumer-oriented cloud storage solutions that could be more vulnerable to breaches.
Companies must therefore clamp down on this unregulated activity and instead promote the use of approved, enterprise-grade services. When investigating options, firms should be asking providers questions such as what encryption standards they have, what provisions there are for monitoring access and how robust their authentication systems are.
The benefits of scale
One of the great advantages of entrusting your sensitive data to a cloud provider is that you can be sure it will be protected by the best defences in the industry. This can be particularly important for mid-market businesses.
These firms frequently cannot afford to dedicate the time or financial resources to building a top-quality security system that can match those of larger rivals. Cybercriminals are aware of this fact and as a result, on-premise systems among medium-sized firms are increasingly being targeted by criminals, as they are seen as easier to breach.
But when data is stored on the cloud, firms benefit from the very best solutions. Cloud provider’s can’t afford to let their customers fall victim to data breaches and therefore devote large resources to always maintain the latest protections, so companies can be sure they also get security patches and updates as soon as they are available.
Governance and compliance
The issue of data governance is also one that must not be overlooked when businesses are considering moving to the cloud. One of the biggest perceived disadvantages of these solutions among IT professionals and chief security officers is a loss of control over their data.
If not handled correctly, this may leave businesses exposed to problems. But as they will still be ultimately responsible to regulators for the security of their data, pointing the finger of blame at a provider should anything happen is not a defence.
However, these challenges can be mitigated as long as organisations take the time to fully understand what tools are in place and who is responsible for each aspect. Firms need to study their cloud provider’s service-level agreement (SLA) closely to determine exactly what each party is responsible for.
This should also cover issues such as what happens to data stored on cloud servers at the end of a contract. You might assume this will automatically be scrubbed, but this isn’t something you should take for granted.
If you would like to know more about the factors you need to consider to ensure your cloud deployments are secure, please don’t hesitate to get in touch with one of our experts.
Please leave your comments below and share with your colleagues