It seems like there isn’t much these days that isn’t in the cloud. Entire businesses are launched and run from Rackspace, Amazon Web Services, or Microsoft Azure. On an individual level, people are using Dropbox, or OneDrive to store data, and pictures are automatically synced from smartphones and tablets to cloud services like Apple’s iCloud. A new study from the IBM Center for Applied Insights found, however, that many small and medium businesses are reluctant to embrace the cloud due to security concerns.
Nearly seven out of ten of the CISOs and security leaders surveyed by the Center for Applied Insights indicated that security in the cloud, and data privacy are both critical concerns. Cloud computing, and cloud services aren’t just a strategic advantage anymore, though, they’re tactical imperatives, and companies that fail to adopt them are severely handicapping themselves against competitors.
The silver lining is that a majority of the respondents actually understand the importance of the cloud. Organizations see the value and benefits that cloud computing bring to the table, but many are hesitant to move forward and take advantage because they also know that companies of all sizes are breached, and customer data is exposed on a regular basis. These organizations take data protection seriously, and don’t want to end up being the next data breach headline, so instead they’re paralyzed into inaction that will do just as much damage—it just might take longer.
There’s some good news for those companies. Securing cloud services, and protecting data in the cloud is a challenge, but it is not impossible. A majority of attacks target Web-based applications, yet only one-third of the companies surveyed have deployed an application scanning tool. The remaining two-thirds could significantly reduce the risk associated with embracing the cloud through that one solution.
Actually, I may have misspoke above when I said that securing the cloud and protecting data are not impossible. To some extent, it actually is. There is no perfect security, and an attacker with enough skill, time, and motivation will eventually find a weak point in your armor. Employing defenses like application scanning tools doesn’t guarantee security—it just raises the bar for the level of sophistication required to breach your network or compromise your data, and significantly lowers your exposure to risk.
With that said, the other crucial element of using cloud computing and cloud services without undue risk is monitoring. Companies have to stop thinking in terms of building a wall and protecting the inside network from all of the outside threats, or in terms of absolute security that prevents all attacks. Instead, organizations should function from the mindset that they absolutely will be attacked and breached, or that it has already happened, and employ tools like SIEM (Security Incident and Event Monitoring) for greater visibility into the network and cloud activity.
SMBs are right to be concerned about cloud security and data protection; however, that concern should not prevent companies from staying competitive. SMBs need to harness that concern, figure out how to address the security challenges that are holding them back, and jump into the cloud.
This post was brought to you by IBM for Midsize Business and opinions are my own. To read more on this topic, visit IBM’s Midsize Insider. Dedicated to providing businesses with expertise, solutions and tools that are specific to small and midsized companies, the Midsize Business program provides businesses with the materials and knowledge they need to become engines of a smarter planet.