How Current Attitudes Towards Cloud Storage Are Damaging Data Security
By François Amigorena, founder and CEO, IS Decisions
There’s no doubt that the cloud has changed the way the world does business. No longer confined to the four walls of an office, workers now are able to work from wherever they want, however they want and on whatever device they want, while collaboration technology has paved the way to a more flexible and productive workforce.
But while the cloud brings with it a huge number of business benefits, it also brings a huge number of risks — some of which are technical, but many of which are much more human, especially where cloud storage is concerned.
My data’s more important than your data
For example, recent research by cybersecurity firm IS Decisions found that nearly half of organizations believe that their own data is more sensitive than that of their clients. When asked what they believed to be “sensitive”, 74% of organisations said corporate credit card data, 71% said personal information about employees, yet only 62% said client contact information and 52% said client data in general.
This relative lack of concern for client data is worrying. Because of increasing collaboration between organizations and supply chains, nearly every organization that is connected to the internet now stores client data on their systems in one form or another, whether it’s living on email servers or cloud storage providers like Dropbox for Business, Box, Microsoft OneDrive or Google Drive.
Now, the security of your data is in the hands of your suppliers who believe it’s less sensitive than you do.
It’s not my problem
Aside from the attitudes towards what data counts as “sensitive”, most organizations believe that cloud storage is inherently insecure by its very nature — and its insecurity is almost a necessary evil to put up with to benefit from better productivity and flexibility. 61% of organizations believe their data is “unsafe in the cloud” and 45% would go as far as to say that moving to the cloud has actually damaged their organization’s security. It’s therefore no wonder that 59% believe that the native security controls of common cloud storage providers are not strong enough to protect data.
But what are organizations doing about it? Well, not much, according to IS Decisions research. Nine in 10 are simply relying on the native security of whichever cloud storage provider they’re using, despite knowing that its security isn’t as strong as is it should be — and 63% are calling for cloud storage providers to do more to demonstrate they’re looking after data. Only one in 10 organizations are using third-party cloud file monitoring tool to prevent unauthorized access to sensitive files.
Ignorance is bliss
When it comes to security, you cannot afford not to know about data breaches when they happen to you — even if data breach detection is a challenge. But while 29% say that since moving to the cloud for storage, they have suffered a breach of files or folders, 15% say it would take weeks before they’d discover if unauthorized access has taken place.
This is a serious worry for organizations. The more time a hacker has to snoop around your systems, the more leverage they can gain over your company — either by stealing data or by moving laterally across systems to find a workstation with administrator privileges to then upload ransomware or shut down your network.
Overcoming cloud security inertia
The mentality of ‘my data is more important than yours’ needs to change — as does the reliance on the native security of cloud storage providers and the amount of time it takes to detect a breach. With supply chain attacks on the rise, all it takes is one mishap from one supplier to compromise your data, and you might not even know about it.
Many organizations now consider the cybersecurity of their partners before choosing to work with them. Therefore, it’s vital that organizations can demonstrate that they can keep their clients’ data safe. It could be the difference between winning and losing clients.
So how exactly can organizations demonstrate they’re looking after their clients’ data in a clouded world?
Clearly, monitoring access to files and folders in the cloud manually is a time-consuming, expensive and unpractical task. It’s also prone to human error because detecting unauthorized access to files when a perpetrator is using compromised credentials is incredibly tough.
Therefore, technology plays a key role in securing cloud and hybrid storage environments. Technology that can continuously monitor access to files and folders across cloud and on-premises servers, alerting IT teams to any suspicious behavior like access at an unusual time of day or access from a new device or an unusual location.
Knowing this information early can significantly reduce the risk of leaking data — whether it’s yours or your clients’. And after all, you can only do something about the threats you’re aware of.