The ease of accessing and consuming cloud services in both our professional and personal lives has led many organisations to neglect security issues in favour of focusing on the benefits.
While we are passionate advocates of the benefits of cloud and its ease of connectivity, we make no claims that it is the solution for every business. As technology experts with a 20-year pedigree, our mission is to help clients understand that the easier and more convenient the cloud service, the more open it is to risk, and that risk needs to be properly managed.
When it comes to public versus private cloud, some people will tell you one is more secure than the other. This is not inherently true – real security comes from your cloud strategy and how it is implemented and managed.
Complacency could be your downfall when it comes to cloud security. You may feel confident that your firewall and other perimeter security is in place, and – assuming you have chosen the right IT partners – you may also have the very latest in cloud access security brokers (CASB) placed between your cloud provider and your consumers.
But all of your state of the art security measures are compromised if you have failed to realise that staff members who acquire new smartphones or tablets are happily connecting them to your networks without your IT department’s agreement or knowledge.
Some experts say that employees cause more than 60% of security breaches, whether intentionally or not, and IT managers say that one of their biggest headaches is not having the opportunity to assess devices before they are connected.
Thanks to cloud services, staff can now connect to your systems from various devices without needing to use your virtual private network, and it follows that you are open to threat if they are using untrusted internet connections and platforms.
File sharing on public cloud platforms, which we are all very familiar with, can be a particular pitfall. Imagine that you have large files detailing sensitive client information, which need to be exchanged between your staff. Did you know that using popular public cloud-based file transfer platforms such as Dropbox or WeTransfer can lead to security breaches if not configured and managed correctly?
The question about where their sensitive data is being physically stored is one that never arises in many organisations. The current position is that offshoring data outside of the UK can only be stored in countries which provide an adequate level of protection as set out by the European Commission.
With the recent decision to leave the EU we will see some major changes around data flow. Leaving without a deal, the UK’s General Data Protection Regulation will not be considered ‘adequate’ by the EU, as the UK is classed as a third country. If your data is stored in an overseas data centre you might want to review your data strategy sooner rather than later.
If you are talking about cloud don’t forget to do your security homework before you make any decisions. Give our experts a call or come along to one of our regular security briefings and find out more about how to protect your business.