The current cybersecurity hype is starting to sink in for many companies and consumers who are desperate for real solutions to protect their data. The economics suggest that more organizations are looking at the cloud, but is that a more secure solution, as many currently believe? Says Jeremy: "Cloud companies are providing more economical solutions to the enterprise, however, I think the cloud presents a tremendous amount of risk to any organization that migrates to it."
As legacy cyber security companies continue to wither on the vine, cloud companies will most likely continue to rise, however, this only presents a new focus for hackers, says Jeremy: "We have already seen giant cloud providers get knocked off line from cyber attacks rendering their services to their clients unresponsive. Also, just because a client or customer moves their data to the cloud doesn’t necessarily make it safer. This just creates a new lightning rod or ultimate honeypot for the hackers to include in state sponsored attacks. "
The bottom line, he says is that organizations and how they conduct their business will continue to be the weak link. Staying on the cutting edge of cyber technology is a must, along with a layered approach. Cloud security should not be seen as a cure-all.
The use of the cloud is constantly growing. In a recent survey, about 71% of organizations have either moved or are moving their production to the cloud or are thinking about it. The thing about the “cloud” that many people don’t realize or understand, however, is that there is no “cloud” – it’s just someone else’s computer. Users are basically paying for remote hard drive space, rather than using their own local hard drive space to store their data. There are upsides and downsides to this. One upside is near-constant availability. So long as there is an active Internet connection both at the provider, such as Google Drive or DropBox, and at the endpoint, such as a PC or mobile phone, the data is readily available. But, what happens if that Internet connection goes down on either side? That data isn’t accessible, unless there’s a local copy at the endpoint. This is one of the downsides to the cloud.
Something else to think about when it comes to the cloud is security. How secure is the data being stored? What type of data is being stored to the cloud? The bulk of data being stored in the cloud is email, with about 45%. Sales and marketing come in at 42%; intellectual property at 38%; and customer data at 31%. Within all of that, however, 19% is sensitive financial data, with 8% employee healthcare data. With storing any sensitive data to the cloud, 90% of organizations have security concerns, one of the biggest factors holding users back from moving to the cloud.
With security being the biggest factor in cloud adoption, the biggest security concerns are unauthorized access (63%), hijacking of user accounts (61%), and malicious insiders (43%). Interestingly, however, malware, denial of service attacks, and other cyberattacks ranked lower. What’s interesting about this, is that with email being the biggest chunk of cloud data, and malware being delivered by spam and phishing campaigns, one might think malware would be more of a concern. Another big concern, on top of the aforementioned ones, are data breaches. 28% of organizations believe there’s a higher risk of cloud data breaches compared to local data breaches, and 22% of organizations believe there’s a lower risk of cloud data breaches compared to local data breaches.
What can be done to mitigate these security concerns with moving to the cloud? Most organizations will opt to partner with managed services providers (34%), in addition to utilizing data (65%) and network encryption (57%) methods to keep their data safe. Layered security seems to be the solution for using the cloud, as 68% of organizations believe perimeter (firewall) security isn’t enough to keep cyber threats at bay.
So, to use the cloud or not use the cloud? It all depends on the needs of the organization. If the organization is de-centralized and constant access is necessary, it makes sense to move infrastructure to the cloud. For centralized organizations, it may make sense to only move partial infrastructure to the cloud.