Thinking of using cloud, but have your doubts
whether it’s secure enough? You are not the only one. Even large enterprises or
medium and small businesses hesitate to full-heartedly embrace it, fearing that
their sensitive data might get compromised when stored online. But is the risk
really high or can it be managed?
As the statistics show, more than half of all European
enterprises and third of small and medium-sized firms have security concerns
when thinking of transferring their operations to cloud. It tops the list
outpacing even the uncertainty about the location of their vital data or even
practical problems, such as possible difficulties when accessing the
information on-demand. As October is a European Cyber Security Month, we will try to take a closer look
whether these fears are justified.
Firstly, we have
to admit that no system is perfectly secure and this applies to cloud too. But for some companies with lower budgets and manpower a cloud solution might
actually lead to improvement in security, as the provider might have
more resources dedicated to protecting the system and managing possible
security breaches quickly and effectively. However, this isn’t a rule and while
the information could be safer online the manipulation while using it locally
should be carefully managed too.
Also,
cybercriminals are reaching for the same strategies when trying to penetrate
cloud and on-site hardware. So even if the cloud servers of the provider
present a more tempting target containing the data of dozens or even hundreds
of firms, this doesn’t change the types of threats it is up against. So to
answer our question − yes, choosing cloud brings with it some risks, but those
can be mitigated if resources are managed properly.
Specifying the
safety measures in the contract (so-called Service Level Agreements or SLA)
with the provider is one of the areas to look out for. If your company adopted
a high security standard, uses a reliable software solution and applies other
effective protection strategies like two-factor verification or data encryption − all this can be retained when
opting for the cloud.
You also have
other options like running a security audit to make sure that all of the
security conditions you requested from your cloud provider are adhered to. If
not, sanctions can be imposed. But most of the above-mentioned measures are
only reactionary to the breaches, which might have happened already.
When moving your
company business to cloud, you should ask yourself a few questions:
Is your
company or its core sector subject to regulation? Many industries like healthcare or finance have strict rules, applying to data
storage, sometimes even restricting their storage in another country. If so, it
might render your business unable to comply.
Do you know
the value of all your assets? At the minimum, identify and classify at least the critical pieces of
information you intend to store in the cloud – for example accounting or
customers’ private information. Now imagine you will lose access to them for
several hours or days. Is your company able to manage such a situation or is
there a higher level of security needed and therefore the data has to stay
in-house?
How is the
data protected when on the move between the cloud and company devices? Encrypting the data on the cloud and
on its way to it – no matter if from desktops, laptops, mobile phones or
tablets – is important for keeping it secure.
Can you
control who is accessing your data? If you want to avoid unauthorized
users going through your files and sensitive information. Also when multiple
employees are editing a file, you need to be able to identify who has made the
changes.
What if the
cloud security systems are breached? Is your firm able to absorb the damages done to
the brand? Don’t get this wrong, it’s not about financial liabilities, which
are most probably part of the SLA. But if the data is lost or stolen, your
customers are not going to turn to your cloud provider for a remedy.