Our Director of Cyber Security and Electronic Counter Measures, Gurpreet Singh Thathy has been working within the field of Cyber Security for many years, and one of the more common questions clients ask him is, whether the Cloud is safe for storing data.
Govts and businesses have spent the last two decades heading to the Cloud. It is estimating that more than 95% of new digital workloads will be deployed on Cloud-native platforms by 2025, a dramatic increase from 30% in 2021. In those past 20 years, Cloud service providers have sold us the idea that they have limitless storage, robust infrastructure and the knowledge, experience, and personnel to keep our data safe. However, in an interesting recent turn of events the US Govt. is concerned that the Cloud is becoming a huge security vulnerability and the Biden administration is embarking on the nation’s first comprehensive plan to regulate the security practices of Cloud providers such as Amazon, Microsoft, Google and Oracle.
In our experience, many SMEs understandably favour the Cloud as their services take the burden of security from them, such as upkeep of infrastructure and software patching. However, this growing reliance on the Cloud is bringing new security challenges to an already complex problem. That’s because as enterprise IT stakeholders’ understanding of and confidence in implementing the Cloud has improved, so has the sophistication of threat actors that want to leverage its complexity for malicious intent. Indeed, when it comes to Cloud breaches, most IT professionals agree that it’s not a case of IF one will happen, but WHEN and enterprises need to be prepared.
Valkyrie has found that SMEs need more experience or resources to maintain the safety of products and arm themselves with the knowledge and expertise of the threat horizon. We believe Cloud providers should be doing more with security. Some providers sell these features as an additional bolt-on where, as we think, safety should be built within the software and provided within the existing package. An example of this is where SME’s haven’t paid for the enhanced data-logging features within the Microsoft infrastructure due to costs. Should these features be built in?
As previously mentioned, awareness is critical. Understanding where data is stored and how it is accessed, and what security is built around it is essential to combat a security breach – understand the risks and be proactive.