The cloud has benefited organizations for many years now. But despite all the benefits it brings, suspicion is still present. According to a recent study, 61% of small- to medium-sized businesses (SMBs) believe their organisation’s data is unsafe in the cloud. They believe it is not safe to trust a third party with their corporate data.
It is hard to prevent leaving employees from stealing data
Stopping employees who are leaving your company from stealing sensitive data before they go is a difficult task for security teams.
When the data is stored on-premise, it’s much easier to detect and stop someone who is trying to steal sensitive files for the simple reason that the data is stored on the physical desktop computer.
On the contrary, when the data is stored in the cloud, it becomes much easier for leaving employees to steal files before they leave. The data can be accessed from anywhere in the world, using any device, making it harder for IT teams to stop it.
It is hard to spot unauthorized access
Detecting unauthorized access to sensitive data is one of the biggest cloud security fears today.
When data is stored on on-premise file servers, there is a natural barrier to unauthorized access which is the need to be physically present in the office to access the files. Even in organizations where employees and third-party partners use VPNs, access can be restricted to specific devices only so the data remains relatively secure.
On the other hand, cloud storage increases the chance of unauthorized access — which causes major security concerns. Without the right access controls in place, if an employee’s login credentials were to be compromised, an attacker could, in theory, have access to sensitive files and folders from anywhere in the world using any device.
21% of SMBs said they keep their most sensitive data stored on on-premises infrastructure because they don’t trust its security in the cloud.
It is hard to manage complex hybrid storage environments
This issue is linked to the first two — and complex hybrid environments make the other two concerns much worse.
Having a hybrid storage environments — a mix of cloud storage providers and a mix of on-premises servers — is very common these days. Many organizations use this approach because it is beneficial in terms of productivity. However, it is also very challenging to manage the security of the data stored across multiple environments.
56% of SMBs say that it’s difficult managing the security of data living in hybrid infrastructures.
Security is managed differently by each cloud provider. And, if you want to detect malicious behavior and stop data theft, you need to actively monitor access to each platform on an ongoing basis.
How to overcome those fears?
You need to find a way to protect your data (whether in the cloud or on a mixture of on-premise and cloud). The best way to do so is to invest in technology. You need to be able to proactively track, audit and report on all access to files and folders, and alert IT teams on suspicious file activity the moment it occurs.
You can put a solution in place that gives you a consistent and unique view of the security of your data across all your storage servers (whether on-premises or on a third-party cloud system). Then, if someone other than an authorized employee attempts to access your data, you’ll be the first to know about it and therefore, you’ll be able to react quickly.
About the Author
François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues.
IS Decisions is a provider of infrastructure and security management software solutions for Microsoft (News - Alert) Windows and Active Directory. The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations.
Its customers include the FBI, the US Air Force, the United Nations and Barclays — each of which rely on IS Decisions to prevent security breaches; ensure compliance with major regulations; such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department.