Safeguarding Against the Security Pitfalls of Cloud-Based Platforms
Majority of us are intimately familiar with the concept of ‘the Cloud’, the seemingly omnipresent information sharing and storage solution. But how much do you know about the security systems that defend it? Most of you may already be using cloud-based programs such as GoogleDocs, DropBox or, more commonly, Microsoft 365 – the near ubiquitous email collaboration platform commonly found in most offices. However, as fears surrounding data security grow, an understanding of the risks and rewards of cloud computing is more important than ever.
Heaven is a Place on Earth
The adoption of cloud solutions has allowed large firms to find an opportunity to maximize revenue and continue to grow, despite having reached a size (or market share) where further growth seemed impossible. On the other side of the spectrum, SMEs - a group that is often quick to adopt cloud computing - enjoyed a competitive edge over their larger and more established counterparts, allowing them to maximize their potential and remain agile in comparison to their competition.
The statistics surrounding the adoption of cloud computing speak volumes about the effectiveness of the range of tools available; research by IDG Communications revealed that nine out of ten firms (550 surveyed) in 2019 will have at least some part of their infrastructure or applications on the cloud, whilst the remaining tenth are likely to adopt a cloud-based solution by 2021. Furthermore, an article posted by McKinsey Digital supports this view, claiming that “cloud-specific spending [is] expected to grow at more than six times the rate of general IT spending through 2020”. The evidence is overwhelming; cloud computing, for better or for worse, is here to stay. As the InfoWorld article concludes “it is no longer a question of if organizations will adopt cloud, but how”.
Paradise Lost
Whilst it is easy to fixate on the benefits of cloud computing, firms must also be wary of the (less discussed) dangers. The cloud has been the subject of a number of high profile data breaches in recent years, most notably the theft of valuable data from sites such as Dropbox, Yahoo and, the first of the major data breaches; Microsoft’s Online Suite. Any firm that chooses to use these tools must place their trust in their data storage provider, and their ability to protect the firm’s valuable data from would-be hackers.
A common misconception amongst SMEs is that only the larger conglomerates are at risk of data theft. Regardless of the size of your firm, the sector you operate in and the product/service that you provide, a data breach could be catastrophic to your client relations and competitive edge. Moreover, not all data breaches are the result of a targeted digital assault on a particular firm, but instead from malicious programs designed to spread throughout the internet and coax employees into divulging important information, a process colloquially known as ‘phishing’.
As we have previously discussed in our other blog posts about the pros and cons of multi-factor authentication and email security, often, the weakest link in the chain is human fallibility. Employees who have not been correctly educated on the methods with which hackers will breach secure networks may well open emails deceiving them into uploading sensitive data or that contain malware or request user details, thus exposing the entire network.
Microsoft Office 365 is a fantastic tool, but firms should not rely on the program’s default firewalls and threat-flagging system to act as the only line of defense between your data and potential threats. This is reflected in the research published by Clearswift in its recent whitepaper on ‘Information Security in Microsoft Office 365’, in which more than 50% of IT decision-makers reported that “the use of cloud applications beyond the IT departments control was a concern”, whilst 10% reported that cloud-based applications had already resulted in a security breach within their organization.
Protecting the Pearly [Email] Gates
It is largely accepted that the value of cloud computing outweighs potential threats. The value that cloud solutions bring to firms, both large and small, are too significant to be offset by the inherent dangers, but that is not to say that these dangers cannot be minimized. MO365 is a solid product with some basic cyber-security tools, but all firms – regardless of their size, sector or service – should employ a tiered security system to ensure that their networks and their data are as secure as possible.
This may take the form of educational seminars on cybersecurity, the use of multi-factor authentication, and data protection software (such as Clearswift’s Secure Email Gateway), or ideally all three. These systems all add another layer of defense which, in combination with Microsoft Office 365, security systems make your firm a much harder target for cyber-attacks.