Naturally, whatever computing or IT setup you have, security is an issue. In fact, in Gartner’s most recent predictions for 2025, a majority of organisations will be taking cybersecurity into account when deciding on transactions and business partnerships, and 40% of company boards will have a dedicated cybersecurity committee. Keeping your information safe is a very current issue.
For smaller businesses considering using cloud computing services, this can sound scary. After all, the big feature of cloud computing is that your information is no longer on-site but kept in a distant data centre over which you have little control.
You’ll be pleased to know that cloud security is not all on you. The responsibility is shared between the cloud service provider and the user/client (often in the service level agreement under “shared security responsibility model” or something similar). Basically, it’s up to the provider to ensure that their infrastructure is secure, and up to you to manage potential breaches on your end (put simply, your password should not be “password”!)
So, what are the main security issues? Just how secure is cloud computing?
The most commonly used cloud services tend to be software-as-a-service (SaaS). SaaS products are basically apps or software accessed via the cloud; i.e. you don’t download or install them on a device, you just need a web browser.
According to McAfee, the top 10 SaaS security issues are:
- Lack of visibility into what data is within cloud applications.
- Theft of data from a cloud application by a malicious actor.
- Incomplete control over who can access sensitive data.
- Inability to monitor data in transit to and from cloud applications.
- Cloud applications being provisioned outside of IT visibility (e.g., shadow IT).
- Lack of staff with the skills to manage security for cloud applications.
- Inability to prevent malicious insider theft or misuse of data.
- Advanced threats and attacks against the cloud application provider.
- Inability to assess the security of the cloud application provider’s operations.
- Inability to maintain regulatory compliance.
What this boils down to for you is protecting your data and restricting access. You need to be aware of what data you’re keeping in the cloud and who can get at it. What’s more, the question of identity is important because an increasingly common mode of cyberattack is to get hold of a username and password for a system and access it ‘legitimately’.
Some simple cloud security measures you can take:
This sounds more complicated than it is. Basically, it’s about setting things up so your people need more than just a password to log in. It might be a secure USB key that only they have, receiving a code via their smartphone, or simply answering a prearranged security question. Whichever, if someone hacks an employee’s password, they still won’t be able to access your system or data.
Uploading, downloading… basically, your data is in motion and potentially vulnerable. Encryption means even if it is intercepted or hacked, the data is unreadable. Look for cloud services that offer this service.
Some cloud services involve you applying security patches from the vendor to your system. At the risk of being obvious, apply security patches promptly.
Restrict unnecessary access
Not everybody needs access to everything. In your business, people only need access to the data relevant to performing their job. Restricting access on a ‘need to know’ basis helps limit potential damage should an employee’s username and password be compromised.
Take sensible precautions and cloud computing is secure
The issue of cloud security is especially relevant if your people are working remotely. A study by Tenable and Forrester found that 74% of employers have experienced cyberattacks linked to technology used for remote working. Be aware of what data you have stored in the cloud and who has access to it. And talk to your cloud services provider about what your business can do to protect its data more effectively.
If you want to know more about what cloud computing could do for your business, check out our services, or give us a call on 1800 312 972 – we’re here to help.