Cyber security is becoming one of the most important risk control concerns of global business. According to the Lloyd Risk Index 2013, cyber attacks came up as third in the list of business concerns, appearing on the biennial list for the first time (although US businesses rated it high in 2011 as well). The increased awareness of risk comes as a result of high-profile attacks and a change in the nature of cyber attacks. With more hacktivist and revenge hacking, the cost of attacks has increased. Lloyd’s cites an annual cost for cyber attacks of up to $46 million per year for some companies.
Along with an increased awareness of cyber security risks has come a wariness of using the cloud for business.
Security Concerns Keep People off the Cloud
When it comes to cloud computing, it’s very easy to think of bad cybersecurity scenarios. Your company’s data, and the data of your customers, is out there where anyone could potentially access it. This could lead to serious data theft that could reveal trade secrets, expose private information, and result in liability for negative consequences suffered by customers whose data was exposed. It may also cause irreparable damage to your company’s reputation.
To some extent, this fear keeps businesses off the cloud. According to Microsoft’s poll of small and medium businesses (SMBs) in France, Germany, the UK, and the US, 60% of businesses not adopting cloud services cited security concerns about the cloud, and 45% were concerned that they might lose control of their data.
A Ponemon Institute survey reported that about 46% of respondents had slowed or stopped implementation of cloud services due to security concerns.
The Good News: Data Is as Safe (or Safer) in the Cloud
However, Microsoft’s study shows that the reality for data is much different from what is feared. The study showed that 94% of SMBs got new security features with cloud computing than they had with their in-house computing solution. These features include: constant updating of software and hardware, up-to-date antivirus, and spam email management.
In addition, 62% of companies actually saw evidence of improved privacy after switching to cloud computing., while 91% of respondents felt their security had improved after switching to cloud-based services. These survey responses show that businesses who move to the cloud are actually likely to experience security benefits, despite their concerns.
Since the data that is stored on the cloud is usually protected by using 256-bit AES encryption, it is nearly impossible for hackers to access it without knowing the password. It also protects against physical attacks, since the data is stored off-site. Many users find cloud storage more functional than on-site options, since the data is accessible from anywhere with an internet connection, with the most commonly used data being stored in a local cache. Simply put, cloud storage is probably the safest available option for businesses of all sizes because it is 100% adaptable and extremely safe to use.
The Bad News: How Safe Is That?
Despite security benefits in the cloud, security falters when it comes to the end-user. Poor password practices, oversharing on social media, and a tendency to click on dubious links all jeopardize cloud security in the same way that they jeopardized security of on-site computing.
But, according to the Ponemon Institute study, it would be unfair to put the blame for security problems exclusively on the end users. The survey showed that the nearly 750 IT security experts believed there were potential major security problems caused by the way cloud services were implemented. The survey showed that only about half of companies had checked out the security of cloud applications before implementing them. Worse, only about half of the companies surveyed were confident they knew all the cloud applications being used in their business. And, once a cloud solution was implemented, 10% or less of IT managers took responsibility for its security. Instead, security was most often left in the hands of the cloud computing service provider (36%) or the end-user (31%). Based on the poor password and personal information habits of end users, this may not be such a great decision.
Although cloud computing remains a safe data option for businesses, it can never be completely safe so long as it involves human users. Businesses that want to benefit from the cloud have to take responsibility for instituting safe applications and best practices in their offices.