Security and the Cloud

cloud security

There’s been a lot of talk in recent years surrounding security and the cloud and it was something that delayed initial traction in the market until reasonably recently. However, as more and more businesses have made the transition, it’s clear that faith in cloud services has grown.

Despite a recent Ponemon Institute study, which found that moving to the cloud could triple the cost of a data breach, there’s still plenty of evidence to suggest that the cloud is much safer than many business premises.

45% of Network Attacks Due to Malware

A recent study by NTT Group found that businesses are still not doing enough when it comes to securing the company network. In fact, it was found (somewhat worryingly) that many businesses don’t even have the most basic protection, such as antivirus software and vulnerability scanning, in place.

The research looked into more than three billion attacks that had taken place affecting businesses in 2013. It found that more than half of all the unpatched systems detected had had patches available for two years. This lack of carrying out even the most simple and important tasks can of course significantly increase the risk of attack.

Further to this, it was found that a whopping 78% of those companies that suffered an attack didn’t have any kind of response planning. This means that in the event of an attack, firms would have been completely unprepared and would inevitably lost money.

The Cloud vs the Office Network

Cloud services tend to be based in data centres which have much more robust security than those seen in the study. Not only is data regularly backed up, but it’s also protected by layered security such as hardware firewalls and antivirus solutions. Unlike many of the businesses which the study looked at, good data centres also generally have disaster recovery plans set out and available as documentation for customers.

According to the report, the problem often lies with the board when it comes to network security. It seems that a basic lack of understanding when it comes to just how much an attack can affect the company leads to a shortfall in IT budgets.

For the IT manager, this is obviously something that’s very frustrating. After all, without the budget in place, it’s very unlikely that a manager can do enough to protect the network. However, it should be pointed out that vulnerability scanning and applying patches is not an expensive solution and is something that’s vital to every business.

Security-as-a-Service?

The report goes on to suggest that companies would be well placed to work with security experts and buy this as a service. This would take the pressure off IT managers and help to mitigate the risk to the business network. There’s no reason that this couldn’t take place in the cloud either, it’s quite usual for external auditors to access the cloud service in order to be able to prepare for an audit.

This could complement the skills of existing staff and that of data centre security to provide an overall complete solution.

Cost of a Breach to Business

Furthermore, it’s really very necessary that companies begin to educate executive staff on the effects of poor security at work. The outcome of a data breach is often a loss of business and of course, impact on profits.

Whilst the board might not understand the need for security, executives are often concerned with any impact a situation might have on profits, so it’s perhaps better to educate based on numbers, rather than IT.

It does seem something of a paradox in the wake of the report that businesses still claim not to trust the security of the cloud and yet have little in the way of basic protection, planning for attack or risk mitigation.

Hosted Desktops and SaaS

The most firmly established cloud offering is also the most popular and security concerns aside, SaaS (software in this case, not security) is providing many businesses with the means to gain more agility. The pay monthly model reduces capital expenditure and if the data, as well as the apps is stored in the cloud, then there’s little doubt that it’s better protected than it would be on many business premises.

Of course, there are many other benefits, not least that services such as hosted desktop allow employees to work remotely. Given that remote working is rising hugely in popularity as the work/play divide becomes narrower and narrower, the pluses certainly seem to outweigh any concerns that a company may have about security.

Image: T-Systems