Why SMBs Still do not Trust Cloud Storage Providers to Secure their Data

There’s no doubt that the cloud has changed the way most companies do business. It has opened up a whole new world of collaboration and productivity that now we could probably not live without.

Yet cloud adoption is continuing to raise security concerns across small- to medium-sized businesses (SMBs) — especially when it comes to storage. Naturally, when storing data in the cloud with services like Dropbox for Business, Google Drive, Microsoft OneDrive and Box, organizations might feel that their data is less secure and prone to leaking. Trusting a third party with your data just feels risky because you’re not in control of it.

IS Decisions research proves those concerns exist, with 63% of SMBs believing that cloud storage providers should do more to protect their data. What exactly are the specific issues SMBs have with data in the cloud?

They can’t detect unauthorized access
One of the biggest cloud security concerns among businesses today is the detection of unauthorized access to sensitive company files and folders.

Traditionally, when businesses store their data on on-premises file servers, they could rest assured that the data is ‘relatively’ secure from unauthorized use. The reason that it’s assumed secure is because of the need to be physically present in the office to access these files — creating a natural boundary against unauthorized access from outside the organization.

Even for employees and third-party partners using VPNs, which allow access outside of this boundary, data remains relatively secure because IT teams can restrict access to specific devices only.

With cloud-based storage, the ease of sharing data among teams coupled with the simplicity of integrating your storage with other cloud applications is significantly increasing the chance of unauthorized access — causing major security concerns for IT teams who are struggling to detect misuse.

Without the right access controls in place, if an employee’s login credentials were to fall into the wrong hands, a perpetrator could, in theory, gain access to sensitive files and folders from anywhere in the world using any device.

Businesses are worried that because they don’t have visibility of who is accessing these files, the information will end up in the wrong hands. In fact, one in five (21%) have gone as far as to say they keep their most sensitive data stored on on-premises infrastructure because they don’t trust its security in the cloud.

They struggle to stop ongoing data theft
Stopping employees who are leaving your organization from stealing sensitive company files before they leave is causing a huge amount of headache for security teams across the globe.

With on-premise storage, there’s a much higher risk of spotting someone who is attempting to steal sensitive information because the information is stored on the physical desktop computer, rather than something that can be accessed externally.

Whereas, with cloud-based storage, you can access data from anywhere in the world, using any device (even personal devices), so it’s almost too easy for ex-employees to steal information before they leave. In fact, even when that employee does officially leave, there’s still the risk that they have access to company data.

Managing complex hybrid storage environments is difficult
This issue is inherently linked to the first two — and one can argue that complex hybrid environments make the other two issues much worse.

Most businesses use a mixture of storage environments these days — both in terms of a mix of cloud storage providers and a mix of on-premises servers. While this hybrid approach helps employees become productive, it makes managing the security of the data stored across multiple environments very challenging.

Each cloud provider has a different way of managing security, and without actively monitoring access to each platform on an ongoing basis, it’s difficult to detect any malicious activity and halt data theft. Indeed, 56% of SMBs say that it’s difficult managing the security of data living in hybrid infrastructures.

What to do about it
The most effective way to ensure that your data is protected whether it’s in the cloud or on a mixture of on-premise and cloud, is to invest in technology that proactively tracks, audits and reports on all access to files and folders and alerts you in real-time and alert IT teams to suspicious file activity the moment it occurs.

If you have a solution in place that provides a consistent view of the security of your data across all your storage servers — whether on-premises or on a third-party cloud system like Dropbox for Business, Google Drive and Box — you can rest assured that if someone other than an authorized employee attempts to access your data, you’ll be the first to know about it and therefore, be able to do something about it.

What’s Hot on Infosecurity Magazine?