Cloud: The data breach scapegoat
Fair to say, the cloud is virtually indispensable to businesses today. The benefits available using cloud apps and services are widely understood, yet security and data concerns are still preventing some businesses from taking their first steps off-premise.
So, why are there so many still uneasy about storing confidential data in a hosted environment, preferring the perceived safety of private servers? And are these fears backed up by facts?
In truth, many of the dangers lie on the “safe” side of your firewall. A 2015 UK Government survey* found that 75% of data breaches were staff-related, while 50% of breaches were the result of “inadvertent human error”.
Those following simple procedures to safeguard against security threats – both external and internal – will find that moving to the cloud propels them forward and enhances overall competitiveness.
Security awareness training is the key issue here, but with cloud security standards now second to none, the stats above suggest that the cloud is being unfairly regarded as the data breach scapegoat.
The blame game
A recent survey by the Cloud Industry Forum found that internal security was a significant concern for 61% of respondents, followed by data privacy, 54%.
It’s understandable that businesses are concerned, yet the same survey found that only 2% of organisations had experienced a security breach when using cloud services.
Let’s take a moment to think about this.
The cloud offers secure systems, applications, and data with monitoring and controls that increase security and reduce risk.
ITproPortal.com goes further, listing cloud features available to all: “Data encryption at-rest and in-transit, key management systems, isolated networks, advanced identity and access management, detail logging for all resources, resource configurations to reduce human error, and automated resource inspection.” All in all, a pretty thorough line of defence at a fraction of the investment needed to install a similar arsenal into your on-premise infrastructure.
So, if it’s not cloud breakdown that’s causing the majority of data breaches, maybe it’s time to look more closely this side of the firewall.
In November 2016, personal details including eligibility for mobile phone upgrades, was maliciously accessed from Three’s customer database, using legitimate login credentials. The details were then used to order new devices, which were then intercepted and sold on.
In a similar case affecting UK-based accounting software firm Sage, from August 2016, an internal login was used to gain unauthorised access to employee data at nearly 300 UK firms, with fraudulent intent.
While highlighting the impact of human intervention in cases of data breach, these examples show how security shouldn’t necessarily be regarded as a general barrier to cloud adoption.
Instead, businesses should be considering how to promote data security and best practice at every level of their business, no matter what technologies they use.
4 ways to mitigate the risk
74% of IT managers at large UK enterprises, surveyed by Office Depot, believe their company isn’t doing enough to ensure cyber security and data protection.
Fortunately, a few simple measures can help ensure your organisation stays safe from the majority of external and internal threats:
1. Monitor all ingoing and outgoing traffic, using alerts to flag unusual activity, producing reports and making manual checks for peace of mind.
2. Monitor websites that identify and publicise new security threats, keeping you up to date with the known threats taking place at any moment.
3. Ensure your firewall and anti-virus software is functioning and set to update regularly and automatically.
4. Ensure all employees are trained (and regularly updated) on your security policies, standards and measures, and the full consequences of negligently or maliciously exposing your organisation to data breach.