That hard disks, pen drives and other physical storage devices are an attractive target for cyber-criminals wanting to steal confidential information from enterprises is something that company managers are well aware of. And, in fact, they try to educate their employees about the need to use those tools properly.
However, the now-popular digital cloud, used by businesses to store increasing amounts of sensitive information, must also be taken into consideration when designing a company’s cyber-security strategy. Moving to the cloud has powerful benefits – cost savings, easy access to files from anywhere, convenience, etc.- yet it also poses some risks that must be identified and controlled.
According to a recent study published by the prestigious Ponemon Institute, the majority of businesses have not or do not know if they inspect their cloud services for malware.
The majority of businesses have not inspected their cloud services for malware.
According to the study, while 49 percent of business applications are now stored in the cloud, fewer than half of them are known, officially sanctioned or approved by the IT Department.
While respondents understand the risk of data breaches, nearly a quarter could not determine if they had been breached, and nearly a third couldn’t determine what types of data were lost in the breach(es). Neither do they know how the breach(es) occurred.
This and similar studies seem to indicate that enterprises rely too much in the security measures adopted by cloud service providers themselves and that, all too often, companies leave the protection of their most valuable secrets and assets almost exclusively in the hands of third parties such as Amazon or Slack.
To resolve this situation, CISPE, a coalition of cloud service providers operating in Europe, has published the sector’s first code of conduct aimed at ensuring data security and confidentiality. Compliant cloud infrastructure providers will be able to identify themselves with a ‘Trust Mark’ that will provide additional security assurance for customers, especially corporate ones.
Nevertheless, despite the measures taken by these Internet giants to ensure the integrity of the information stored on their servers, companies and their employees cannot ignore their own responsibility to keep corporate data and documents secure. Just as they take good care of their hard drives and pen drives, they should also take care of the cloud to prevent their data from ending up in the wrong hands.