Driven by the increase in remote working around the world, cloud storage services have never been more important to keep businesses running. However, our research highlights how this brings a number of security challenges for small- and medium-sized businesses (SMBs) and a great opportunity for managed service providers (MSPs).
Cloud Storage and Security Challenges
The amount and value of this data stored in the cloud is growing rapidly, and cyber attackers are quickly recognizing this opportunity. Cloud platforms offer businesses unprecedented efficiency and productivity, but the downside is the lack of ownership and control, and therefore security.
Cyber threats, which traditionally target on-premise resources such as ransomware, identity theft and data exfiltration, are now a growing problem for cloud storage services as well. As companies continue to deploy resources to the cloud, the need to address these additional security challenges is a major concern.
Added to this is the difficulty of jointly managing the security of on-premises storage and cloud storage in a hybrid environment. A blend of existing IT infrastructure and public cloud provides the “right-choice” for many companies, but privacy, security and compliance concerns soon arise.
SMBs are particularly vulnerable because they lack the expertise and resources to effectively secure their cloud deployments, and this is where MSP expertise can help.
Data Safety in the Cloud
SMBs believe their data is unsafe in the cloud. Although the benefits are clear, our research shows that 61% of SMB’s still believe that their data is insecure in the cloud and 60% have had painful problems migrating their data to the cloud.
What’s driving these perceptions? Our research identified three key points:
- Unauthorized access is harder to detect. With data stored on premises, there is a need to be physically present in the office to access these files, creating a natural barrier from outside the organization. Moreover, IT can restrict access only to specific devices. With cloud-based storage, data can be accessed from anywhere in the world and on any device, greatly increasing the likelihood of unauthorized access.
- Data theft from employees leaving is harder to stop or prevent. For exactly the same reasons, it is much easier to spot an employee stealing valuable information when it is stored on the physical desktop computer. Cloud storage makes it easy for employees to steal data before they leave.
- Organizations are still suffering breaches. Since moving to the cloud, 29% of organizations suffered a breach of files or folders stored in the cloud. The consequences of breaches have been incredibly damaging — with 15% saying they have suffered significant reputational damage due to unauthorised access to sensitive corporate data stored on cloud networks.
With the increasing complexity of cloud security, the market opportunities for the know-how of MSPs are also increasing. It’s a particularly exciting moment for MSPs, one they must seize. As more and more customers migrate to the cloud, MSPs need to provide the multilayered security solutions needed to keep their data secure. Without a security offering, MSPs can miss out on a strong market and do their customers wrong by compromising their data.
Data protection starts with file access auditing, as file access is at the heart of data protection. Files and folders remain the first attack option. Unchecked access to files and folders puts companies at risk from theft, alteration or the deletion of sensitive data. Prohibiting any unauthorized access is what makes data protection possible.
There are tools for monitoring, auditing and alerting on all access, and on access attempts, to files, folders and file shares located on cloud storage platforms and the Windows environment. It’s also possible for MSPs to monitor customer licenses from one platform and access ‘pay-as-you-go’ monthly billing, self-service sign-up and aggregate pricing.
François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues. IS Decisions’ software makes it easy to protect against unauthorized access to networks and the sensitive files within. Its customers include the FBI, the U.S. Air Force, the United Nations and Barclays — each of which rely on IS Decisions to prevent security breaches; ensure compliance with major regulations, such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department. You may follow him on LinkedIn or @IS_Deicisions on Twitter.