Modern businesses need their IT environment to be flexible, powerful, and reliable. This is how the cloud excels.
However, recent research [i] conducted by EMRGE’s specialist cyber security partner, Aura Information Security, shows business are confused by cloud security and responsibility.
Of the 360 IT decision makers surveyed, more than 70 percent of respondents mistakenly believed that storing their data in the cloud automatically adds an extra layer of security.
Almost a third admitted their company had no cloud usage policy for employees outlining how to use cloud applications and store data securely. A quarter said their business had suffered a cloud breach over the past year. It’s not difficult to see why.
At EMRGE we believe security is a crucial component of any cloud journey. We asked Petra Smith, Virtual Security Officer at Aura, to shed some light on why cloud security matters and what businesses should be doing to ensure their data is secure.
What are some risks associated with using the cloud?
Not too long ago, offices had specific places to store data and hide things away to protect them. And while we now use cloud systems in a similar way, they still have the same associated risks as an on-premises environment. People can still steal that information, and in the wrong hands it can cause damage.
Cloud services like Office365 and G Suite are an appealing target for phishing campaigns due to their widespread popularity. Without adequate protection in place, cybercriminals can repeatedly use different phishing techniques until they find a way into a system.
You can’t afford to treat cybersecurity as “just an IT problem” in the cloud. Everyone in the business needs to know how to understand good password practice, use multi-factor authentication and spot common scams.
What are the key cloud security misconceptions?
Cloud security is not more secure.
When you hand your information over to the cloud you no longer control who has access to your equipment, how it’s configured, and what’s stored where.
When picking a cloud provider, you become responsible for deciding what protection your data needs, and who should be able to access it. Your provider may not look after software patching and data backups, two vital steps to protecting your data from a breach.
Don’t assume your provider will take care of everything for you. Do your research and find out what they do to keep your data secure, and what parts you still need to look after yourself.
How does my business follow best security practice?
Security isn’t something you can set and forget, so make sure you’ve got a clear idea of who is responsible not just for setting things up correctly, but for carrying out day-to-day responsibilities like patching, monitoring your environment and continual education of staff.
Whether you start with one small project, like your public facing website, or move your whole file storage, email, and business systems to the cloud, you must start with a plan.
Know what’s going in the cloud, what systems it will interact with, who needs to use it, and how they're going to use it. Take that information to work out what level of protection you need. Then shop around for the right provider.
Most importantly, never underestimate the value of an educated team. When moving from a tightly controlled environment to the flexibility and freedom of the cloud, it's key everyone understands security risks and has the knowledge and skills to work safely.
Finally, don’t be afraid to call in the experts to keep you on track. Security can be complex and challenging, and specialist advice on where, and how much, your business needs to improve its cyber posture will take your cloud security to the next level.
[1] Aura Information Cyber Security Market Research Report 2020
