For several years, “cloud” has been the inevitable trend in the IT space.
Businesses are increasingly rolling out different cloud applications, enabling employees to access information stored in the cloud and instantly share it with geographically dispersed colleagues through their laptops or phones. However, as cloud tools grow in popularity, so do the security risks.
With employees sharing sensitive company and customer data and documents on cloud-based platforms, what can you really do to protect your business, its intellectual property, customers’ data, and ultimately your reputation and bottom line?
The weakest link
Given the huge impact of all things online on our personal and professional lives in the always-connected world, it’s impossible for you to shield your business from all Internet-related security risks.
In fact, a recent report shows two-thirds of project managers can access sensitive data within their organisation, yet only half can easily see who has changed or downloaded a document.
In addition to using their own smartphone or tablet for work, users have adopted a range of different cloud-based tools to help them carry out their work. Recent hacking attacks have illustrated how your business is only as secure as its weakest link, which is traditionally the user.
Unless your employees are security experts, they are unlikely to be aware of, and therefore to look out for, advanced security features such as two-factor authentication when adopting new cloud tools.
Trust, assurance and protection
In the context of cloud tools and online collaboration, IT security is built on three pillars: trust, assurance, and protecting your data with the right security controls. Trust includes things such as the privacy statement and cookie policy of the cloud-based collaboration platform. Assurance is a certification or a stamp of approval from a third party. Protection refers to how all businesses need to be aware of and prepare for all aspects of a security threat.
While it may be difficult to protect your company from advanced persistent threats, at the very least you should strengthen the “detect” and “response” aspects of these pillars by keeping an eye on the threat warning signs and having a response plan in place, so that you can detect and respond to attacks, minimising possible damage.
In a perfect world, every cloud solution would adhere strictly to these three pillars. However, that’s not the case when it comes to some free tools. Everything comes at a price, and some solutions’ revenues depend on the data that you store in their cloud. What this means is that some of these companies sell ads based on the content of your data.
Furthermore, they are sometimes the owners of the data that you upload – so your business-critical, sensitive documents are not ‘yours’ in the traditional sense of the word.
The need for some free cloud tool providers to mine the information is also the reason why your data sometimes isn’t encrypted on these platforms. In order for data mining technologies to run efficiently, encryption is not an option for free users; instead, security technologies like encryption and secure login are add-ons for paying users.
When it comes to third parties accessing your data, its physical location is also a key consideration. For example, if you are using a US cloud collaboration service with servers located in the US only, your data comes under US legislation, and is accessible to US government agencies such as the NSA.
Tie up loose ends
So what can you do? Ultimately, there is no point in fighting back, as your employees are bound to embrace any tool or technology that will make their lives easier by enabling them to access the data and documents they need whenever, wherever.
The key is to adopt a simple, open, company-wide policy and to achieve a balance between security and user friendliness in any technology choices you make, allowing employees to make the most of cloud-based tools. Tie up loose ends by educating your staff about the issues involved, including the potential dangers of using free collaboration tools.
While they shouldn’t lose trust in the cloud, make sure that employees understand the possible consequences for the business if sensitive customer information or intellectual property lands in the wrong hands, such as large fines, a tainted reputation or even a damaged bottom line.
Taking simple measures, such as making sure employees read the small print when signing up to cloud services or letting the IT department know about the tools they’re using, can help ensure your business won’t be at risk.
Breaches are inevitable, but lack of preparedness is not. By making the right technology choices and engaging with your employees, you can turn the potential pitfalls of cloud-based tools into a competitive advantage.
Erkan Kahraman is chief trust officer at Projectplace