SMBs need to consider data security in rush to the cloud

A recent Microsoft survey found that 39% of SMBs expect to be paying for cloud services by 2014, up from 29% currently. In addition, the survey found that within three years, 43% of workloads will become paid cloud services, but 28% will remain on-premises, and 29% will be free or bundled with other services.

"Our observations suggest that organisations of all sizes – and not just SMBs – can overlook aspects of their data encryption needs for cloud data, as they focus on the cost savings that accrue from cloud migration. I would say that security accountability and transparency of how customer data and cloud system security are being handled by cloud vendors is also suspect”, Lieberman said.

SMBs should take a centralized management approach to data encryption in the cloud to give IT staff control over the encryption keys. “The challenges to the cloud users and providers will be the management of encryption systems, including encryption key management”, he stressed.

“There are also potential issues with trying to index data that is in encrypted form in the database, so encryption approaches will have to examine not only data in flight (point-to-point encryption) as well as data at rest (databases and other forms of storage)”, he added.

"Microsoft's research shows that SMBs are now joining a growing number of enterprises in adopting the financial benefits of the cloud. They should all, however, be cautious of adopting a solution that does not encrypt data on a centralized basis, as they might wind up failing to meet their compliance requirements as a result", Lieberman concluded.

What’s Hot on Infosecurity Magazine?