Why Do SMBs Believe Their Data is Unsafe in the Cloud?

6 Min Read

The cloud has been around for many years and has fundamentally changed the way companies do business by opening up a whole new world of employee collaboration and productivity. But despite these benefits, small- to medium-sized businesses (SMBs) are still doubtful about its security. According to a recent study by IS Decisions, 61% of SMBs believe their organization’s data is unsafe in the cloud.

They are clearly still worried about trusting a third party with their valuable data. So what are the
specific fears SMBs have with cloud storage and what can they do about it?

Unauthorized access becomes harder to spot

One of the biggest cloud security worries is the detection of unauthorized access to sensitive files and folders.

When valuable data is stored on on-premise file servers, organizations are assured that it is ‘relatively’ secure from unauthorized access because of the need to be physically present in the office to access these servers. Even with employees and third-party partners using VPNs, the IT team can restrict access to only specific devices, so the data remains relatively secure.

However, when data is stored in the cloud, the chance of unauthorized access is much higher. It makes it really hard for IT teams to detect misuse, thus causing major security concerns. Without the right access controls in place, an attacker using stolen credentials could, in theory, gain access to sensitive files and folders from anywhere in the world using any device.

To counter this fear, 21% of SMBs said they keep their most valuable data stored on on-premise infrastructure because they don’t trust the security in the cloud. Organizations are worried that the information will end up in the wrong hands because they don’t have visibility of who is accessing these files.

Leaving employees stealing data is harder to prevent

It is hard for security teams to stop employees who are leaving your organization from stealing
sensitive data.

With on-premise storage and just a desktop computer, there’s that much more risk of getting noticed (through prying eyes) if someone tries to steal sensitive information. But with data stored in the cloud, it can be accessed from anywhere in the world, using any device. It then becomes much easier for ex-employees to steal information before they leave and harder for IT teams to spot it.

Hybrid storage environments are complex and harder to manage

56% of SMBs say that it’s difficult managing the security of data living in hybrid infrastructures.

This issue is naturally linked to the first two — and one can argue that complex hybrid environments make the other two issues much worse.

Many organizations have hybrid storage environments nowadays— a mix of cloud storage providers and a mix of on-premise servers. While this approach is good for productivity, it makes managing the security of the data stored across multiple environments very challenging.

Each cloud provider manages security differently, and if you don’t actively monitor access to each platform on an ongoing basis, it’s difficult to detect any malicious behavior and stop data theft.

The mentality about sensitive data needs to change

We found that 21% keep their sensitive data on premise because they don’t trust its security in the cloud.

But then, we asked them what constitutes sensitive data, and 74% of them said their corporate credit card data was sensitive, 71% said their employees’ personal information was sensitive, 62% said client contact details were sensitive, and more worryingly, only 53% stated their clients’ data was sensitive!

SMBs need some help understanding what sensitive data it.

More and more companies choose their suppliers based on the strength of their cybersecurity strategy. When it comes to business, it’s very important to demonstrate you have an effective cyber-posture because it can be the difference between winning and losing new clients, as well as retaining old clients.

What can SMBs do about it?

The best way to ensure your data is protected (whether in the cloud or on a mixture of on-premise and cloud) is to invest in technology. It needs to proactively track, audit, and report on all access to files and folders, and alert IT teams on suspicious file activity the moment it occurs.

What you need is a monitoring solution in place that provides a consistent and unique view of the security of your data across all your storage servers (whether on-premise or on a third-party cloud system). You can then rest assured that if someone other than an authorized employee tries to access your data, you’ll be the first to know about it, and you’ll be able to do something about it.

Share This Article
François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues. IS Decisions is a provider of infrastructure and security management software solutions for Microsoft Windows and Active Directory. The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations. Its customers include the FBI, the US Air Force, the United Nations and Barclays — each of which rely on IS Decisions to prevent security breaches; ensure compliance with major regulations; such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department.