Are Computer Cloud Services a Secure Option for Your Business?

To cloud or not to cloud?

That’s a very good question.

It’s a particularly important question if you run a small or medium-sized business and are trying to maintain a technological edge in order to both serve your clients better and stay ahead of the competition.

According to a recent IDG Cloud Computing Research Executive Summary, 73% of organizations have at least one application in the cloud or are using cloud storage, and another 17% plan to do so within the next year. It is easily the fastest growing tech solution for businesses across the globe, and it is crucial for businesses of all sizes to consider the role cloud services may play in their operations.

That said, utilizing the cloud does carry some risks. Hardly a month goes by without news of a major data breach occurring somewhere in the world.

It’s a good idea to become familiar with the security risks involved in using the cloud and to determine if the benefits outweigh those risks, or, at least, what options exist for enhancing your company’s cloud security.

What are the security concerns?

There exist a number of fair concerns regarding cloud security.

A recent Cloud Security Report by Cybersecurity Insiders notes that the top three concerns among cybersecurity professionals regarding cloud security are data loss (67%), data privacy (63%), and confidentiality (53%). All three of these concerns have increased over previous years. In addition, those surveyed were also concerned with such issues as

• Accidental exposure
• Legal and regulatory compliance
• Fraud
• Business continuity
• Disaster recovery
• Data control and sovereignty
• Lack of forensic data
• Incidence response

These are legitimate concerns.

Among the areas of most concern for cybersecurity professionals in managing cloud security are:

• Malware/ransomware
• Denial of service attacks
• Hijacking of accounts
• External sharing of data
• Foreign state-sponsored cyber attacks
• Malicious insiders
• Misconfiguration of cloud platform
• Unauthorized access
• Insecure interfaces

While all of the above can mean trouble and expense for many small businesses, those entities that are required to adhere to strict regulatory compliance, such as the Health Insurance Portability and Accountability Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI DSS), must absorb additional costs and headaches in follow-up notifications of breaches to consumers and possible government penalties.

Looking at the numbers

In recent years, 18% of organizations have suffered some form of a breach of cloud security. It’s for these reasons that 91% of organizations are concerned about cloud security and over half of that number describe themselves as being very concerned (38%) or extremely concerned (22%).

This gets expensive. According to last year’s Global Cost of a Data Breach Report from the Ponemon Institute, the average total cost of a data breach was $3.86 million with an average cost of $148 per lost or stolen record.

Is using the cloud safe or not?

While the concerns are real and many, and the costs of a breach considerable, the cloud can still be considered a safe and cost-saving option for many small businesses. Cloud usage has only increased over the years.

Why?

For one thing, the built-in redundancy of off-site cloud servers means that your data is more secure from the numerous risks on-site servers and data centers are vulnerable to that could disrupt business continuity—natural disaster, hardware failures, and other accidents.

As far as network security and the cloud are concerned, cloud service providers are constantly improving their security protocols. Major cloud service providers such as Google, Amazon, Microsoft, and IBM are always updating their security protocols and setting new standards. They want to keep your business, so it’s in their best interest to maintain your confidence in their ability to keep your data safe.

This is an evolving process. As cyber attacks get more sophisticated, so too do the defenses get more sophisticated. Cloud service providers work hard to stay ahead of the threat.

Is the cloud worth the risk?

The cloud offers greater flexibility in how business people can get the data they need. They do not need to be in the office to access important data, place orders, or update customer information. They can perform those tasks from any location where they have a reliable and secure internet connection.

The cloud has also proven useful in project management, application development, and other situations that require input from a variety of sources and teams. With a choice of platforms, businesses can select among a number of options for how integrated their cloud service is with their business operations.

Cloud service offers more than just data storage and backups, it can also be used to streamline business communication and to establish an enterprise resource planning (ERP) system. Furthermore, its scalability means it can grow at the same pace as your business, meeting your specific needs as they come up.

Actionable security tips for the office

Most security steps you can take in the office come down to common sense actions:

• Your business should have a system for using unique usernames and password creation made up of letters, numbers, and special characters. If possible, a dual-authentication process should be put in place to further bolster your local security.
• Passwords should be changed on a regular basis.
• Employees should never share their login and password information.
• Industry standard encryption and authentication protocols can act as a secure buffer between your data and cybercriminals. Data stored on the cloud is encrypted when uploaded, and further protected by additional authentication requirements.
• Business information can also be encrypted prior to uploading to the cloud and unencrypted locally, making it more difficult for malicious persons online to profit from your data.
• Employees should be trained in how to recognize possible phishing scams and how to avoid infecting their computer or other devices with malware.
• If using a managed IT service provider, find out what security policies and procedures they have in place, how they are implemented, and what, specifically, should be done in case of a breach.

Actionable security tips for the road

Remote employees can also do their part to maintain cloud security:

• When using a portable device such as a tablet or phone to access the cloud, they should avoid using public Wi-FI whenever possible.
• Employees should be aware of their surroundings and not leave portable devices unattended.
• Likewise, portable devices should be password protected, ideally with dual-authentication.
• Should a portable device become lost or stolen, they should contact the IT staff immediately.
• Encryption protocols used in the office can also be used in home offices as well as on portable devices.
• Remote employees should be wary of suspicious text messages as well as emails for both laptops and home office setups, but also their portable devices.

The big picture

While the threats are real, the cloud is as secure as any other IT setup—particularly if a managed IT service provider is on board to help ensure you have sensible security systems in place. The benefits of cloud computing are too many to ignore and are essential to maintaining a competitive edge.

Common sense and preparedness will do much to keep your business data secure and to keep your clients confident in your ability to manage their personal data and information safely.