Cloud storage is widely used by organisations because it increases productivity. However, fears are still present when it comes to trusting a third party with valuable data. The lack of visibility and control over this data is difficult to accept.
According to a recent research, a majority of SMBs are worried about their data not being safe in the cloud, but why? And what can IT teams do about it?
Cloud storage security worries
First of all, detecting unauthorized access becomes a nightmare for the IT security team when data is stored in the cloud. When your data is stored on premise, the fact that you need to be physically present in the office to access these files and folders creates a natural boundary against unauthorized access. Furthermore, if you have employees or partners using VPN, access can be restricted to specific devices only.
Secondly, it is much harder for IT teams to stop leaving employees from stealing information before they go. For the same reasons as above, when data is stored on the physical desktop computer it is easier to spot an employee stealing data. With data being accessible from anywhere in the world and on any device, cloud storage makes it extremely easy for leaving employees to steal corporate information.
Last but not least, it is very hard to manage the security of complex hybrid storage environment (mixture of on premise and cloud storage). Businesses use it as it increases productivity. However, 56% of SMBs say that it’s difficult managing the security of data living in hybrid infrastructures.
Bad security decisions
Despite all of these fears, organisations are not doing much about it.
According to that same research, 49% believe the native security of their current cloud storage provider is not strong enough to protect their data but 80% are simply relying on the native security of the cloud provider to monitor access. Of those, only 42% monitor access manually every day, which is very time-consuming and complex, and of course subject to human error.
38% monitor access on an ad hoc basis. It’s indeed less time-consuming but that’s how you can miss an attack or find out about it too late.
More concerning, 9% don’t monitor access at all. It makes the identification of the source of a breach very difficult when it happens.
21% keep their most sensitive data stored on on-premises infrastructure.
The fact that organisations neglect cloud security means that data stored in the cloud is considered ‘not sensitive’ and at high risk. And, only 53% said their clients’ data was sensitive…
What can IT teams do about it?
IT teams clearly need to find a better way to make sure their data is safe whether in the cloud or on a mixture of on-premise and cloud. The most effective way to do so is to invest in technology. You need to be able to proactively track, audit and report on all access to files and folders and get alerts in real-time to suspicious file activity.
67% of SMBs say that receiving alerts for unauthorized or suspicious access to sensitive data stored in the cloud would be extremely useful.
It’s important that you have a consistent and unique view of the security of your data across all your storage servers (whether on-premises or on a third-party cloud system). Having a solution in place that can give you this view allows you to be the first to know whenever someone other than an authorized employee tries to access your data. You’ll then be able to react quickly, before any damage is done.
About the Author
François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues.
IS Decisions is a provider of infrastructure and security management software solutions for Microsoft Windows and Active Directory. The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations.