Small- to medium-sized businesses (SMBs), organizations with 50 to 500 employees, currently rank security as their top priority when shopping for a cloud storage provider and yet a whopping quarter of SMBs still only use a free version of cloud storage – likely the least secure option. More worryingly, a small but significant percentage of SMBs use free cloud storage services to store sensitive data such as banking and medical information.
According to Cloud Storage and Security: The Rundown, a new survey from Clutch, 87% of SMBs believe the cloud is “very or somewhat secure,” a nearly universal misconception. For example, earlier this year, 51% of IT executives said they are more confident in the security and reliability of public cloud than they used to be, possibly more than their own data centres, and yet there’s very little data to back up this confidence. The Dropbox breach demonstrated that no cloud was invulnerable. Indeed, placing the onus on the cloud provider to “take care” of security is a dangerous mindset, one that may cause organizations to overlook critical areas of data security.
According to the Clutch survey, the same issues that plague data centre security plague cloud security. Indeed, the biggest threat to cloud security is the same: human error. According to penetration testing by SkyLink Data and Business Services, a simple spear phishing attempt was able to reveal a CFOs password in 15 minutes, giving full and unfettered access to the cloud.
“A lot of these things aren’t just magic,” said Estes of Qubole. “My data isn’t suddenly secure just because I put it in the cloud. There’s a lot of things you do. The cloud enables the security of data as long as you do things correctly.”
According to a Ponemon study, the biggest gaps in current endpoint security models exist in unprotected mobile devices, the insider threat, and the use of third-party cloud applications. The 2016 Shadow Data Threat Report revealed that nearly all business cloud applications lack enterprise-grade security and compliance features, which doesn’t speak well for the free applications being used by SMBs, which presumably have even lower standards. The latter report also demonstrated high rates of attempts to both exfiltrate data as well as attempts to hack into user cloud accounts, bot instances which put corporate data and corporate network access at risk.
Absolute is helping confront the dangers of unmonitored cloud storage use and the ongoing Insider Threats putting data at risk on the endpoint and in the cloud. Absolute Endpoint Data Discovery (EDD), which comes as part of Absolute DDS. Using Absolute DDS, you can determine if sensitive data is being stored on endpoint devices, even if stored in cloud applications, with remote capabilities to wipe data and remediate security threats. Whether that endpoint is downloading sensitive data from the corporate data centre or the cloud, it still needs to be protected. To learn more, get started with your free evaluation version of Absolute DDS today.
Get started with your free evaluation version of Absolute DDS today.