At a time when data breaches are on the rise, surveys indicate many small businesses remain hesitant to put their data in the cloud. Yet experts say the benefits of cloud computing, ranging from increasing productivity to reaching new customers, far outweigh the risks. These risks can be mitigated by instituting strong computing policies for employees, accessing the security standards of cloud-based apps, and using high levels of encryption.
With all the information available about the cloud, it can be difficult to distinguish between fact and fiction. Here are a few common myths and the truths about cloud security.
The cloud is less secure than on-premise servers.
IT professionals say data in the cloud can be just as secure, if not more secure, than data in on-premise servers.
The truth is that security is more dependent on the protocols a company has in place than on the medium. Rick Blaisdell, cloud computing expert and CTO at Motus in Boston, says that whereas many small businesses that manage their own servers often have different equipment, firewalls and operating systems, cloud providers offer standardization.
“Cloud [solutions] have more standardization and very specific security experts. They’re usually updated on security patches, a big problem for many [small to medium-sized businesses],” says Blaisdell.
Gustavo Gomez, IS&T professor at Kaplan University, says cloud providers can enhance security by providing centralized control over the applications and data being accessed outside the customer’s network. This means that when a person’s device is lost or stolen, employers can immediately revoke access to the data. Small businesses using the cloud can often set how and where they would like to encrypt their data.
Employees are the biggest risk in the cloud.
According to the IBM 2015 Cyber Security Intelligence Index, 95% of data breaches involve human error in security practices. This could be anything from not securing physical devices to sharing passwords or using public Wi-Fi to access data.
“Historically, the focus for businesses has been on securing their network, servers and corporate devices,” says Timo Laaksonen of F-Secure, a global cybersecurity service provider. “Yet many have failed to educate their employees about security best practices. Employees should know how to securely use mobile devices for business purposes, how to identify and avoid malicious emails, file attachments and web links, and what the proper protocol is for reporting imminent security issues and potential threats,” Laaksonen says. “Prevention is the cornerstone of cybersecurity, and training should be within the focus of businesses of any size.”
Small businesses in the cloud need a comprehensive plan that establishes a strong computing use policy and educates their employees on cybersecurity.
Most major cloud providers have strong security practices.
Major cloud providers, such as Office 365 and IBM SmartCloud, use the latest security tools and strong patching practices to offer stronger security than small businesses would typically have on their own. Amazon Web Services (AWS) has more than 1,800 security controls governing its services.
Cloud data can also have better security in terms of failover, uptime and fault tolerance. Because data are more likely to be updated to more than one zone, small businesses can have almost immediate data recovery in the event of systems failure.
Hackers are increasingly targeting data in the cloud.
Steven Toole, security expert at Avanan, says that as usage of cloud apps increases, more hackers will attempt to infiltrate them. The PricewaterhouseCoopers Global State of Information Security Survey 2016 reported a 38% increase in security incidents in the past year. Toole says the benefits of the cloud can still outweigh the risk, and that businesses can improve their protections against hackers with additional layers of security to safeguard their applications.
The PwC report said the cloud itself also is being used to deliver more security solutions and is a “sophisticated cybersecurity” tool for data protection, privacy and network security. Nearly 70% of surveyed respondents said they were using cloud-based cybersecurity services to protect corporate data.
Small businesses not in the cloud have no cloud-based security risks.
Even if they’re unaware of it, most small businesses already have data in the cloud through third-party solutions for things like accounting, shipping or customer service. A recent report by CloudLock said 27% of apps connected to corporate environments pose a “high security risk” that could expose sensitive data.
Steve Durbin, managing director of the Information Security Forum, says organizations need to question how their information is being stored and protected by these providers. “As everything from supply chain management to customer engagement shifts to the cloud, operating in cyberspaces now has bottom line implications if systems are disrupted,” says Durbin.
Many small businesses are also already connected to the cloud through mobile devices. A 2015 Bank of America study found that by 2018, a quarter of all corporate data will bypass traditional IT security and move directly between mobile devices and the cloud.
Don’t let myths stand in the way of leveraging a powerful technology that can drive business growth. When used effectively and safely, the cloud can boost productivity, offer access to new markets, and take your business to the next level.