David Emm, senior security researcher with Kaspersky Lab, said there are two key factors driving development of cloud services.
“The first is cost. The economies of scale that can be achieved by storing data or hosting applications in the cloud can result in significant savings for businesses”, he said.
“The second is flexibility. Employees can access data from anywhere, at any time, using any device – including mobile devices. So businesses can benefit from an 'always-on' workforce. However, this research proves companies still harbor concerns about implementing cloud services”, he added.
Emm goes on to say that, on the other hand, there are those who believe the cloud offers built-in security, which can be a potentially dangerous assumption. But whatever a company’s perception, he asserted that measures need to be put in place to ensure that the cloud is used in the safest way.
In view of these findings, Emm advised that IT security professionals need to remember that data stored in the cloud is accessed from an endpoint within a business.
This means, he said, if a cybercriminal is able to compromise the endpoint, they gain access to the data – wherever it is stored. The wide use of mobile devices, he added – while offering huge benefits to a business – also increases the risk.
Against this backdrop, the Kaspersky Lab senior security adviser said that cloud data can be accessed from devices that may not be as secure as traditional endpoint devices. The combination of personal and business use on the same device, he noted, only serves to increase this risk.
Secondly, he said, the cloud itself is likely to become a target – and, given that a cloud provider holds so much data, that makes it a very attractive target.
“We need look no further than the spate of targeted attacks on organisations in recent months to understand the potential risk here – in particular the attack on Sony”, he wrote in a security blog posting.
So What Is to Be Done?
Emm advised that it is important to recognize that endpoint security remains paramount for businesses. In addition, he said that all data should be encrypted, just in case a breach occurs.
Then, he goes on to say, before you sign up with a cloud provider, consider the legal ramifications of storing data in the cloud. Do you know where the data will be held and which legal jurisdiction it will fall under?
Finally: “think about the business continuity aspects of storing data in the cloud: not just what happens if the cloud 'goes down', but what happens if you decide to move to another provider.”