Security Risks Increasing Considerably When Moving Sensitive Data to Enterprise Cloud

Reading Time: 4 minutes

Stick your head around pretty much any corner and there’s bound to be something about the ever wider reaches of cloud computing and what it promises to entail for the future in the digital world. The ability to utilize non-physical storage and then share data with requiring access to this storage has really been a game changer. Now with good usually comes at least a little not-so-good, and – surprise, surprise – cloud computing is no exception. However, if there was a ‘do over’ button would anyone press it and go back to the times of exclusively physical location storage and access?

Not a chance.

Cloud computing is going to be one of the centerpieces of modern computing technology for the foreseeable future, so we are going to need to accept and overcome a few bumps in the road along the say. Increased security risks are at everyone’s forefront in the digital realm these days, and here at 4GoodHosting we’re like any reputable Canadian web hosting provider in that we’re making enterprise-level security measures standard with most of our web hosting packages.

And while we’re huge fans of cloud computing, our expertise is in web hosting and we don’t claim to know much if anything about security risks related to cloud computing. However, research is something we ARE very proficient with and as such we’re always happy to dig into topics that our customers are likely to find relevant to what they do on a day-to-day business on the World Wide Web.

Cloud with Caution

And so here we are in a brand new decade and there’s going to be no one surprised with the fact that enterprises continue to feed their clouds with increasingly sensitive information. However, it would seem doing is increasingly risky and decision makers are being urged to move forward with caution. A recent study logged from anonymous data from 30 million enterprise cloud users found that roughly 26 percent of files analysed in the cloud now contain sensitive data, and the trend has been for this to increase some 23% year over year.

This becomes potentially problematic when you consider that 91% of cloud services do not encrypt data upon entering cloud storage. That means of every 10 or so entries, more than 9 aren’t guarded well – if guarded at all – sitting in the cloud.

Now, to be fair, data loss protection (DLP) software does exist and a lot of it is quite good and reasonably effective. However, it’s also estimated that only 37% of cloud service providers say they are utilising DLP. Add next that nearly 80% of them also access to enterprise-approved cloud services from personal devices, and – perhaps more alarmingly – a quarter of companies report having sensitive data downloaded from the cloud to an unmanaged personal device.

Spotty Security and Risk Management

It’s not that the current infrastructures in place are bad, and more that they’re insufficient and spotty with how and where they’ve been rolled out. Gaps in data visibility and shielding continue to mean that certain networks look very inviting to breach attempts and non-compliance.

A recent survey found that 93% of cloud storage providers agree that the responsibility to secure data in the clouds is theirs. However, many of these same respondents say there is an emerging trend in the industry where there are simply not enough individuals with the skills required to put the right infrastructure in place and maintain it. SaaS (software as a service) is new, but it’s not that new and to some degree it’s hard to believe this assertion.

It IS fair to say, however, that technology and training continues to be outpaced by cloud’s aggressive enterprise growth. The expression ‘growing pains’ may be very appropriate here.

Smart Reactionary / Precautionary Measures

So what are the recommendations for anyone with above-average concerns about sensitive data of theirs being stored in the cloud?

Here are 3 things you can – and should – do to increase security of cloud-stored data:

  1. Evaluate your data protection strategy for devices and the cloud

Consider the difference between a disparate set of technologies at each control point, along with the advantages of merging them into a single set of policies, workflows, and results

  1. Investigate the breadth and risk of shadow IT

Determine your scope of cloud use, and put a primary focus on high-risk services; then move to enabling your approved services and restricting access to any that have the potential of putting data at risk

  1. Plan for the future with unified security for your data

Context about devices improves cloud data security, and context about the risk of cloud services improves access policy through the web. Many more efficiencies will exist, while some are yet to be discovered. The smart merging of all these control points will be what will deliver the future of data security when it comes to utilizing all the advantages of cloud storage and access.

In conclusion, a last consideration that you can have is to look a little longer at what sensitive files will be fine in physical storage and better there with all the inherent security that comes with that. Never look at cloud storage as something to be used just because it’s there. If you don’t see a particular set of files as needing the ease accessibility the cloud provides, and they don’t ask much for much space, then perhaps they’re just fine staying stored where they are.


Post Navigation