Cloud Security – 5 ways it’s much safer than you think

To some IT managers the thought of getting rid of their on-site servers and moving to a public or private cloud based approach because it’s “more secure” seems ridiculous.

Surely sensitive company data is better kept on-site under their own control rather than out on the web where it’s susceptible to countless hackers and breaches?

Right?

Well… not so much. The security that is offered from cloud solutions often goes way above and beyond what is possible with an on-premise setup. That might seem like a bold claim but to help convince you the following five reasons should help.

1. Better ransomware resilience

Unfortunately neither the cloud or on-premise setups are 100% immune from ransomware attacks. Recent government statistics show that 2 out of 5 UK businesses have identified a breach¹. Determined individuals will find a way into your systems.

But what matters is how fast you can recover from an attack and that’s where cloud security offers better resilience. Traditional on-site backup tapes will help you recover to a certain degree but this recovery approach takes time to complete giving you large Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).

On the other hand cloud based backups offer much more effective business continuity. Solutions which offer a constant sync and replication of your servers into virtual servers allow you to measure RTO’s in minutes rather than days and an RPO of just seconds worth of lost data.

Statistics show that up to 60% of companies don’t recover after a cyber attack and go out of business within 6 months² – can you afford to put your organisation at risk by relying solely on an on-site backup and recovery approach?

2. Physical security

For some the idea of their servers being in their office where they can see them and protect them feels like the best approach rather than having it all sit off-site. However by moving your data into a data centre owned by a cloud provider you are getting a level of physical security that you are unlikely to be able to match yourself. This includes (but is not limited to):

• CCTV
• Intruder detection
• Monitoring and logging of every occasion where data is accessed
• Anyone wishing to enter the data centre will be security vetted
• Environmental controls to protect from fire, water and even bombs

With data centres you also get the best availability and back ups. Data centres will anticipate failures and ensure your data will be failed over to another site to prevent any interruption to your service.

3. Unrivalled investment

The budgets of a single company compared to a large public cloud provider are the definition of David vs Goliath, and this has a major impact on security.

For example, Microsoft invest up to $1 billion every year³ to improve the security within their cloud offerings. No in-house IT team can compete with this level of investment and continuous development of security-based skills. Instead many in-house IT teams find themselves working flat-out fighting fires, often unable to focus on the strategic side of their systems and can find themselves forced into situations where they have single-person dependencies.

This environment isn’t conducive to provide the level of constant learning and improvement that is essential to ensure their systems meet the latest security requirements needed to stay one step ahead of hackers. Surely it makes more sense to piggyback on the skills and finances that large cloud providers can provide?

4. Better insider threat protection

Whilst a lot of focus is placed on external threats when it comes to IT security, could it be that a bigger problem could be much closer to home?

76% of companies say they are more worried about insider threats to their business⁴. Disgruntled employees or those who are leaving and want to take certain data with them so they can hit the ground running in their new role can cost companies up to $513,000 on average each time⁵.

On-premise forms of protection such as restricting USB access, blocking file sharing websites, restricting printing and key logging software are good at stopping the majority of insider threats.

But what if you could stay one step ahead and even predict when an insider attack was going to happen? Cloud based solutions now offer machine learning which monitor user activities so that they are able to work out behavioural patterns. Then when a user starts displaying behaviour outside of the norm e.g. excessive accessing of customer records or logging on earlier or later in the day than they usually do, the system can flag this up to you.

So rather than use technology to provide evidence of who typed what or downloaded a certain file after an attack has taken place, by which time the damage could be done, it is ultimately more secure to get ahead and prevent attacks before they occur. This is another example where cloud security offers more than on-site.

5. Compliance

Finally, with a cloud based approach the provider of your data centre will provide you with a level of compliance you would be unlikely to match with an in-house team. With so many compliance programs around including ISO 27001, ISO 9001, Cyber Essentials, G-Cloud etc it could realistically be a full time job just to keep up-to-speed with all of them. For organisations with small IT teams this is a luxury they are unlikely to be able to afford but it is something you can benefit from by moving to a cloud provider who has these certifications already.

Conclusion

Hopefully the above 5 reasons help illustrate just a few ways in which the cloud offers your organisation more levels of security than you first thought. To find out more about the range of Managed Services MRI offer please get in touch today.

Sources:

1. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/701840/CSBS_2018_Infographics_-_General_Findings.pdf
2. https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html
3. https://news.microsoft.com/stories/cloud-security/
4. https://securityboulevard.com/2019/11/33-alarming-cybercrime-statistics-you-should-know-in-2019/
5. https://www.ekransystem.com/en/blog/insider-threat-statistics-facts-and-figures#:~:targetText=The%20Ponemon%20Institute%202018%20Cost,to%20%2411.1%20million%20a%20year.