The cloud has changed the way organizations do business. Employees are now able to work from wherever they want and on whatever device they want.
But while there’s no doubt that the cloud brings with it a huge number of benefits, it also brings many risks — some of which are technical, but many of which are more human, especially where cloud storage is concerned. Let’s see how the current mentality towards cloud storage is damaging data security.
My data is more sensitive than yours
Nearly half of organizations believe that their own data is more sensitive than that of their clients according to recent research by cybersecurity firm IS Decisions. When asked what they considered to be “sensitive”, 74% said corporate credit card data, 71% said employees’ personal information, yet only 62% said client contact information and 52% said client data in general.
It is very worrying to see such a lack of concern for client data. Collaboration between organizations and supply chains are increasing and nearly every organization that is connected to the internet now stores client data on their systems in one form or another, whether it’s living on email servers or cloud storage providers like Dropbox for Business, Box, Microsoft OneDrive or Google Drive.
Now, the security of your data is in the hands of your suppliers who believe it’s less sensitive than you do.
I don’t think my data is safe but I’m not doing anything about it
Most organizations believe that cloud storage is insecure and that they have to put up with it to benefit from better productivity and flexibility. 61% of organizations think their data is “unsafe in the cloud” and 45% even said that moving to the cloud has damaged their organization’s security. It’s therefore no wonder that 59% believe that cloud storage providers could do more to protect their data.
What are organizations doing about it? Well, not much apparently. 90% are simply relying on the native security of the cloud storage provider they’re using, despite the fact that its security isn’t as strong as is it should be. Only 10% are using third-party cloud file monitoring tool to prevent unauthorized access to sensitive files and folders.
If I don’t know about it, I don’t worry
When data breaches happen to you, you need to know about it even if detection is a challenge. 29% said that since moving to the cloud for storage, they have suffered a breach of files or folders and 15% said it would take weeks before they’d discover if unauthorized access has taken place.
This is seriously worrying for organizations. The more time you give to a hacker to snoop around your systems, the more leverage they can gain over your company — either by stealing data or by moving laterally across systems to find a workstation with administrator privileges to then upload ransomware or shut down your network.
How to overcome cloud security inertia?
The current mentality of ‘my data is more sensitive than yours’ needs to change — same with the reliance on the native security of cloud storage providers and the amount of time it takes to detect a breach. Supply chain attacks are on the rise, so all it takes is one mishap from one supplier to compromise your data, and you might not even know about it.
Before choosing their partners, many organization now consider their cybersecurity. For that reason, it’s very important that organizations can show that they can keep their clients’ data safe. It could be the difference between winning and losing clients.
So, how exactly can organizations demonstrate they’re looking after their clients’ data in a clouded world?
Monitoring access to files and folders in the cloud manually is a time-consuming, expensive and unpractical task. It’s also prone to human error because it’s incredibly tough to detect unauthorized access to files when a perpetrator is using compromised credentials.
Therefore, technology plays a key role in securing cloud and hybrid storage environments. Having a solution in place that can continuously monitor access to files and folders across cloud and on-premises servers, while alerting IT teams when any suspicious behavior is happening (like access at an unusual time of day or access from a new device or an unusual location), can significantly reduce the risk of leaking data — whether it’s yours or your clients’.
After all, you can only do something about the threats you’re aware of.
About the Author
François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues.
IS Decisions is a provider of infrastructure and security management software solutions for Microsoft Windows and Active Directory. The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations.
Its customers include the FBI, the US Air Force, the United Nations and Barclays — each of which rely on IS Decisions to prevent security breaches; ensure compliance with major regulations; such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department.