SMB’s perceptions of Cloud Storage Security

Data Storage Security

The use of cloud storage is on the increase. However, SMBs are still suspicious about it. Actually, 61% of SMBs believe their data in unsafe in the cloud. Why are those perceptions still present? And what can be done about it?

SMBs believe their data in unsafe in the cloud

The cloud brings many benefits to organizations, but it also comes with a number of risks. SMBs think it’s risky to trust a third party with your valuable data because you’re not in control of it anymore.

The first risk is that unauthorised access is harder to detect. With data stored on premise, there is a need to be physically present in the office to access these files so it creates a natural boundary against unauthorized access from outside the organization. Plus, IT can restrict access to specific devices only. With cloud-based storage, data can be accessed from anywhere in the world and on any device, which increases significantly the chance of unauthorised access.

The second risk is that data theft from leaving employees is harder to stop or prevent. For the exact same reasons, it is much easier to spot an employee stealing valuable information when it’s stored on the physical desktop computer. Cloud storage makes it very easy for leaving employees to steal data before they go.

The third risk is that hybrid storage environment is difficult to manage. There is no doubt that using a mixture of on premise and cloud storage increases productivity. However, it also makes managing the security of the data stored across multiple environments very challenging. According to recent research, 56% of SMBs say that it’s difficult managing the security of data living in hybrid infrastructures.

The current attitude towards Cloud Storage needs to change

Many organisations consider their own data to be more valuable than that of their clients, according to the same research. This is pretty worrying considering third-party and insider breaches are increasing.

This mentality will worry those that operate with large and complex supply chains given the lack of control over data security once it lives on third-party systems. Moreover, like we said before, many organisations are using a mixture of On-Premises and cloud storage systems, and they are struggling to manage the security of data — either their clients’ or their own.

In addition, 45% of organisations said that moving to the cloud has damaged their security and 59% believe that the native security controls of common cloud storage providers are not strong enough to protect data. Despite that, 90% are simply relying on the native security of whichever cloud storage provider they’re using and only 10% are using third party cloud file monitoring tool to prevent unauthorised access to sensitive files.

There clearly needs to be a more efficient way to ensure that data in the cloud remains safe. Moving to the cloud does not diminish an organisation’s need to secure access to and usage of file data.

What to do about it?

The mentality of ‘my data is more important than yours’ needs to change. Many organisations share a huge amount of sensitive data with their clients over email and via the cloud — and with supply chain attacks on the rise, all it takes is one mishap from one supplier to compromise your data. Many organisations consider the cybersecurity of their partners before choosing to work with them. Therefore, it’s vital that organisations can demonstrate that they can keep their clients’ data safe.

The most effective way to ensure that your data is protected whether it’s in the cloud or on a mixture of on-premise and cloud, is to invest in technology that proactively tracks, audits and reports on all access to files and folders and alerts you in real-time and alert IT teams to suspicious file activity the moment it occurs.

If you have a solution in place that provides a consistent view of the security of your data across all your storage servers — whether on-premises or on a third-party cloud system — you can rest assured that if someone other than an authorized employee attempts to access your data, you’ll be the first to know about it and therefore, be able to do something about it.

By François Amigorena

Brian Rue
What’s Holding DevOps Back And How Developers and Businesses Can Vault Forward to Improve and Succeed Developers spend a lot of valuable time – sometimes after being woken up in the middle of the night ...
Ray Meiring
Proposal Management Software Benefits Amid the COVID-19 pandemic-induced supply chain and market challenges, 2021 started to course correct, allowing many companies to resume business operations. As a result, request for proposals (RFPs), sales proposals, and ...
Yuliya Melnik
Heroku or AWS Cloud infrastructures are gradually starting to penetrate into an increasing number of areas and various businesses. And this is not surprising because such a ploy allows you to improve internal processes, protect ...
Gary Bernstein
Secure Remote Authentication When employees are working remotely, they need to be able to access company resources and applications just as if they were in the office. This means that remote authentication needs to be ...
Dana Gardner
Low-code Development Has Entered a Maturity Spurt Closing the gap between the applications and services a company needs -- and the ones they can actually produce -- has long been a missing keystone for attaining ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.