Roughly a quarter of companies (23 per cent) see the cloud as a threat to their IT security, according to a survey carried out by Kaspersky Lab
Roughly a quarter of companies (23 per cent) see the cloud as a threat to their IT security, according to a survey carried out by Kaspersky Lab1.
“There are two key factors driving development of cloud services. The first is cost. The economies of scale that can be achieved by storing data or hosting applications in the cloud can result in significant savings for businesses,” says David Emm, senior security researcher at Kaspersky Lab. “The second is flexibility. Employees can access data from anywhere, at any time, using any device – including mobile devices. So businesses can benefit from an 'always-on' workforce. However, this research proves companies still harbour concerns about implementing cloud services.”
“On the other hand, there are those who believe the cloud offers built-in security, which can be a potentially dangerous assumption. Whatever a company’s perception, measures need to be put in place to ensure that the cloud is used in the safest way.”
Please see below for further advice from David Emm, senior security researcher at Kaspersky Lab, on things to consider before moving to cloud:
First, we should remember that data stored in the cloud is accessed from an endpoint within a business. So if a cybercriminal is able to compromise the endpoint, they gain access to the data – wherever it is stored. The wide use of mobile devices, while offering huge benefits to a business – also increases the risk. Cloud data can be accessed from devices that may not be as secure as traditional endpoint devices. The combination of personal and business use on the same device increases this risk.
Second, the cloud itself is likely to become a target – and, given that a cloud provider holds so much data, a very attractive target! We need look no further than the spate of targeted attacks on organisations in recent months to understand the potential risk here – in particular the attack on Sony. On top of this, we've already seen the cloud used as a distribution mechanism for malware – see these two articles on Securelist.com: here and here.
So what is to be done? First, it is important to recognise that endpoint security remains paramount for businesses. Second, data should be encrypted, just in case a breach occurs. Third, before you sign up with a cloud provider, consider the legal ramifications of storing data in the cloud. Do you know where the data will be held and which legal jurisdiction it will fall under? Fourth, think about the business continuity aspects of storing data in the cloud: not just what happens if the cloud 'goes down', but what happens if you decide to move to another provider.
1 Kaspersky Lab carried out an online survey of 1300 senior IT professionals in 11 countries.
