Cloud data storage services are transforming todays business landscape, enabling employees to be more productive and business more agile, as teams no longer have to be in a specific office location at their desk working, they can work remotely.  From research undertaken by Vanson Bourne it shows that the cloud is providing organisations with big efficiencies in particular 17% reduction in IT maintenance costs; 15% in IT spend and an 18% increase employee productivity.  With these learnings it is no surprise that cloud data security is now a board-level concern for 61% of organisations (Cloud Security Alliance – CSA).

So why do I need Cloud Data Security?

The challenge with cloud data security is that this service is not provided by IT departments but by employees with self enabled cloud services, often referred to as “Shadow IT”.  Even if organisations are taking steps to adopt cloud services in a controlled and strategic way, it is likely that employees are not acting with the same care and attention.  It is estimated that 90% of cloud activity is driven by individuals and small teams with the average company nearly using nearly 900 different cloud services, up 43% from 2016.  The damaging headlines of data breaches, loss of access and compliance fines continues to worry organisations who are increasingly referring to partners to help resolve these challenges.

Best framework for Cloud Data Security

So what is the best framework to help cloud data security?  Gartner have provided a useful framework for managing this, based upon four pillars of functionality: visibility of what cloud services employees are using; understand the compliance requirements for information usage; cloud threat prevention of data breach and cloud data security.

Some cloud services provide the highest level of security but with over 10,000 cloud services providers available, the variation in security capabilities is large.  Only a few cloud service providers provide two factor or greater authentication and not many are ISO certified.  Encryption of data at best is still relatively unused.  A study by the University of Cambridge shows that 31% of passwords are re-used in multiple places.

If businesses adopt and use this framework it will enable them to identify the relevant areas of concern.

What are the risks to Cloud Data Security

As organisations continue to invest in cloud services for the reasons noted above, the risk from Shadow IT is immense and unless it is bought under the same management as traditional IT management it will undermine the data security.  A survey of 409 IT leaders from the Ponemon Institute investigated the risk of cloud services and particularly to the threat of individual cloud storage and identified 9 major risks:

  1. Loss or theft of intellectual property
  2. Compliance violations and regulatory actions
  3. Loss of control over end user actions
  4. Malware infections that unleash a targeted attack
  5. Contractual breaches with customers or business partners
  6. Diminished customer trust
  7. Data breach requiring disclosure and notifications to victims
  8. Increased customer churn
  9. Revenue losses

What to do next?

A large proportion of small businesses are unable to confirm if their employees are using their own cloud in the workplace.  In order to reduce risk of unmanaged cloud usage companies first need to have visibility on what their teams are doing, once they know this they can then enforce corporate data security compliance.  The cloud data storage is here to stay, and companies must balance the risks of cloud services vs the clear benefits they bring.

If you would like some help in assessing your cloud data risk please get in touch to arrange your FREE 60-minute consultation.

Sources:

https://www.vansonbourne.com/news/news-recent/february-2014/it-professionals-are-struggling-cloud-security/)

https://cloudsecurityalliance.org

https://www.ponemon.org)