Sign up to our newsletter
Thinking of using cloud, but have your doubts whether it’s secure enough? You are not the only one. It doesn’t matter how big or small an enterprise is, small, medium and large businesses all hesitate to full-heartedly embrace it, fearing that their sensitive data might get compromised when stored online. But is the risk really high or can it be managed?
As statistics show, more than half of all European enterprises and third of small and medium-sized firms have security concerns when thinking of transferring their operations to the cloud. In fact, this trepidation tops the list of security worries, ahead of concerns like the location of their data and the possible difficulties they might face when trying to access information on-demand.
As October is a European Cyber Security Month, we will try to take a closer look whether these fears are justified.“Firstly, we have to admit that no system is perfectly secure and this applies to the cloud too.”
Firstly, we have to admit that no system is perfectly secure and this applies to the cloud too. But for some companies with smaller budgets and manpower a cloud solution might actually lead to improvement in security, as the provider might have more resources dedicated to protecting the system and managing possible security breaches quickly and effectively. However, this isn’t a rule and while information could be safer online, the manipulation while using it locally should be carefully managed too.
Also, cybercriminals are reaching for the same strategies when trying to penetrate cloud and on-site hardware. So even if the cloud servers of the provider present a more tempting target containing the data of dozens or even hundreds of firms, this doesn’t change the types of threats it is up against. So to answer our question − yes, choosing cloud brings with it some risks, but those can be mitigated if resources are managed properly.
Specifying, the safety measures in the contract (so-called Service Level Agreements or SLA for short) with the provider is one of the areas to look out for. If your company adopted a high security standard, uses a reliable software solution and applies other effective protection strategies like two-factor verification or data encryption − all this can be retained when opting for the cloud.
You also have other options like running a security audit to make sure that all of the security conditions you requested from your cloud provider are adhered to. If not, sanctions can be imposed. But most of the above-mentioned measures are only reactionary to the breaches, which might have happened already.
When moving your company business to cloud, you should ask yourself a few questions:
Is your company or its core sector subject to regulation?
Many industries like healthcare or finance have strict rules when it comes to data storage, with many organizations having in place restrictions for storage in other countries. If so, it might render your business unable to comply.
Do you know the value of all your assets?
As a minimum, identify and classify at least the critical pieces of information you intend to store in the cloud – for example accounting or customers’ private information. Now imagine you will lose access to them for several hours or days. Is your company able to manage such a situation or is a higher level of security needed? If so, data may potentially need to remain in-house.
How is the data protected when on the move between the cloud and company devices?
Encrypting all your data on the cloud and on its way to it – irrespective of whether it is from a desktop, laptop, mobile phone or tablet – is important for keeping your information secure.
Can you control who is accessing your data?
If you want to avoid unauthorized users going through your files and sensitive information, you need to check who can access both the cloud specific data that it stored there. Also, when multiple employees are editing a file, you need to be able to identify who has made the changes.
What if the cloud security systems are breached?
Is your firm able to absorb the damages done to your brand? Don’t get this wrong, it’s not about financial liabilities, which are most probably part of the SLA. But if data is lost or stolen, your customers are not going to turn to your cloud provider for a remedy.
Author Ondrej Kubovič, ESET