Cloud adoption continues to see significant growth across businesses ranging from SMBs to enterprise organizations. In fact, worldwide public cloud end-user spending is projected to grow 18% in 2021 to reach $304.9 billion, according to Gartner.
However, despite the consistent move to the cloud, some businesses are still not sold, with 66% of IT professionals citing security as their greatest concern in adopting a cloud computing strategy. They are valid concerns too, particularly if SMBs don’t have a trusted partner to guide them and help mitigate risks. Indeed, Gartner anticipates that through 2025, 99% of cloud security failures will be the customer’s fault.
When talking with your managed services customers or prospects about why they need help expanding and securing their business in the cloud, here are the top issues to have them consider:
1. Misconfiguration
Misconfiguration of cloud infrastructure is a leading contributor to data breaches. If an organization’s cloud environment is not configured properly, critical business data and applications may become susceptible to an attack.
Because cloud infrastructure is designed to be easily accessible and promote data sharing, it can be difficult for organizations to ensure that only authorized users are accessing data. This issue can be exacerbated due to a lack of visibility or control of infrastructure within their cloud hosting environment.
In short, misconfiguration poses serious cloud security issues to businesses and the fallout can detrimentally impact day-to-day operations. To prevent misconfigurations, those responsible for overseeing the organization’s cloud solution should be familiar with the cloud service provider’s security controls and other third-party service providers and their tools.
2. Cyberattacks
Cybercriminals and threat actors are constantly practicing and perfecting their hacking capabilities, and cloud environments are quickly becoming one of their primary targets. According to the 2020 Trustwave Global Security Report, the volume of attacks on cloud services more than doubled in 2019 and accounted for 20% of investigated incidents. Although corporate and internal networks remain the most targeted domains, representing 54% of incidents, cloud environments are now the third most targeted environment for cyberattacks, the report finds.
Organizations need to understand their cyber risk so they can make the necessary adjustments to proactively protect themselves. An MSP can help by performing threat assessments to identify both gaps in the current defense posture and weaknesses across a broad swath of the organization’s security technologies. From there, the MSP can offer remediation tactics to strengthen the efficacy of the organization’s cybersecurity solution.
3. Malicious Insiders
Cyberattacks don’t just occur from external threats. Insider threats are a major concern for businesses too. In fact, according to the 2020 Verizon Data Breach Investigations Report, 30% of data breaches involved internal actors.
While this is an issue for on-premises infrastructure, cloud environments face risk as well. Because of the nature of the cloud and the fact that the infrastructure is accessible from the public internet, it can be even more difficult to detect suspicious activity related to malicious insiders. And by the time any threats are uncovered, a data breach may already be underway.
An MSP can make sure its SMB customer has the proper security controls in place to identify malicious insider activity and mitigate risks before there are any significant impacts to business operations.
4. Lack of Visibility
A report by Forcepoint finds that only 7% of cybersecurity professionals have good visibility as to how employees use critical business data across company-owned and employee-owned devices, company-approved services (e.g., Microsoft Exchange), and employee services, while 58% say they have only moderate or slight visibility.
In a cloud environment, this lack of visibility can lead to potential security issues that put organizations at risk, including malicious insider threats and cyberattacks (discussed above). Partnering with a managed cloud service provider can alleviate these issues if the provider has stringent and effective security controls in place that also satisfy a business’s compliance requirements.
It is imperative organizations have comprehensive visibility into their cloud environment on a continuous basis. Managed cloud service providers can supply business leaders with real-time reports of network and user activity—among several other categories—to ensure quick detection and response in the event of a threat.
5. Data Leakage
One of the major benefits of cloud computing is the ease of sharing data and the ability to seamlessly collaborate with colleagues and even external individuals. However, because data sharing in the cloud is typically done by direct email invitations or distribution of a public link to a specified group of users, this can increase risk.
By sharing public links—or changing the settings of a cloud-based file to “”public””—anyone with knowledge of the link can access the information stored within them. Additionally, hackers leverage tools to actively search the internet for instances of unsecured cloud shares just like these.
If these resources contain proprietary company data or sensitive information and wind up in the wrong hands, there is an immediate threat of a potentially serious data breach, which can impact your SMB customers.
6. Inadequate Staff
Migrating to the cloud possesses its own set of challenges, and some organizations believe the hard work is done once they have transitioned all their critical assets to a cloud environment. In reality, cloud migration is just one step in the journey, and to get the best results, ongoing monitoring and management of cloud infrastructure is a necessity.
Proper planning, assessment, migration, deployment, and management of a business’s cloud solution is a time-consuming task that requires a very specific set of skills. It is not often that organizations—especially SMBs—commit the time, money, or resources solely to their cloud infrastructure. If any of the steps during the cloud adoption process were missed or not adequately configured, it could lead to security issues and other challenges.
It is best practice for businesses to work with a partner that has all the cloud capabilities needed to complement in-house expertise for a comprehensive and secure cloud solution.
7. Data Privacy
Data privacy has always been a concern for business leaders, but it is becoming even more important as the cybersecurity landscape continues to grow more complex. There are numerous regulations in place today, including the EU’s GDPR, HIPAA, PCI DSS, SOC 2, and many more, which were created to protect customer data. However, a survey by Commvault shows that only 12% of global IT organizations understand how GDPR will affect their cloud services.
Failure to abide by compliance measures can lead to serious penalties, including significant fines, or worse, a data breach that consequently damages the brand/reputation. A managed cloud provider familiar with data protection and compliance standards can share the burden.
Discussing the top security concerns outlined above with SMB customers and prospects and how an MSP can help them navigate the migration to the cloud safely will help allay their fears as they embrace the future.
CHUCK MA is director of cloud strategy at Buchanan Technologies, a managed IT service provider based in Grapevine, Texas.