Cloud adoption has boomed in recent years, with a recent survey [1] showing that over 80 per cent of companies in Europe are now using some form of cloud app. It’s easy to see the attractions of moving to the cloud; lower costs, greater scalability and availability from anywhere at any time are just a few of the benefits.
However, security measures haven’t kept pace, with many businesses still relying on traditional solutions that don’t offer them full visibility into their cloud systems. As more and more work moves to the cloud, enterprises need to address the security concerns that this raises. Typically these fall into three categories.
Securing Mobile devices
The use of mobile devices for business has increased dramatically. But if devices – whether company supplied or BYOD – are used to access data in the cloud, they can put business data at risk if they are not properly secured.
The problem is that companies don’t have control over the networks that employees use when they are out of the office. With cloud applications encouraging people to synchronise their data across multiple devices, there is a risk that this could be happening over insecure public links.
It’s therefore important for businesses to use technical solutions – such as VPNs – and to apply compliance rules to minimise the risk.
Shadow systems
Another risk that stems from the cloud is the use of shadow IT. The cloud is host to many readily available systems such as Dropbox and OneDrive. It can be tempting for employees to use these systems to store business data to allow them to do work at home or elsewhere. By doing this, they may be skirting company IT policies and using unauthorised applications that could put data at risk.
This can be a tough issue to address as many firms do not have visibility as to which systems staff are using. It’s also possible to compound the problem if officially sanctioned tools end up being less easy to use than freely available alternatives.
Network security
In the past, enterprise security has been focused on the endpoint, but now with many different ways of accessing information, more comprehensive protection is required. Data needs to be secured when it’s at rest, whether in the cloud or on an in-house system, and when it’s in transit to and from the user. And of course, endpoints are increasingly likely to have gone mobile which adds further complication.
Because there are many more ways in which people can access data, securing it requires a more creative approach. Access management systems need to be able to identify users accurately even if they sign-in from different locations. They also need to monitor unusual traffic patterns and behaviours that might indicate an insider threat or malicious activity.
What’s the solution?
When storing data in and using apps from the cloud it’s easy to fall into the trap of assuming that security is the responsibility of the service provider. But it’s still your data and as a business, the responsibility of looking after it is yours.
The growth in cloud use has led to a parallel expansion in the number of security systems on offer to keep cloud solutions secure. Often these are in the form of cloud access, they can, therefore, help to detect the use of shadow IT as well as showing up unusual patterns of data use. They can help defend against zero-day malware attacks too.
In addition, CASBs provide access and identity management. This can not only authenticate usage but can control who gets to access what, helping to deliver on compliance and data protection requirements.
Cloudworks consultants can guide you through securing your on-premises and cloud-based environments – if you would like to talk to us about security then please reach out by calling 0115 824 8244 or emailing hello@cloudworks.co.uk.
[1] https://betanews.com/2018/08/22/europe-cloud-adoption