MARKET REPORT Cloud Storage
“One of the main advantages of cloud storage is the ease and speed of deployment and scalability, but
these features can also be a security Achilles’ Heel”
Matt Aldridge, Senior Solutions Architect at Webroot
FREE INSTANT-ACCESS ONLINE STORAGE
There are many free to use on line storage offerings that are frequently
changing in terms of the amount of data that can be stored before
charges apply. The best known are as follows.
• Google Drive: 15GB free
• Box: 10GB free
• OneDrive: 5GB free
• Amazon Drive: 5GB (+ unlimited photos with Prime)
• iCloud: 5GB free
• Dropbox: 2GB free (up to 18GB with referrals)
• BT Cloud: 10GB-1TB ‘free’ with BT broadband
All clouds are not equal, and
those sanctioned and managed
by IT will likely be more secure
and less at risk of a breach
– but not always. e rst
step is to accurately map any
organisations cloud usage, and
a CASB (cloud access security
broker) solution is a good start.
Once mapped, levels of
risk can be identied, along
with what specic kinds of
threats an organisation might
be susceptible to. Pinpointing
these is much simpler by
benchmarking against industry
best practice and standards. But
organisations should also be
holding themselves accountable
to these best practices. It’s about
instilling a security culture, and
that’s much easier to do from
the start.
Protecting data requires
signicant controls but it always
needs to be balanced against
access. Organisations should
be creating behavioural proles
based on the normal usage
patterns. ese proles account
for variation between employees
and enable security measures
to be adapted accordingly.
Automated alerts or hybrid
cloud approaches (where some
data is kept on-premises and
other information hosted
remotely) are further options
that can be taken to bolster
cloud security eorts.
If businesses are to have any
chance of exposing security
blind spots and adequately
protecting their sta and
data, they need to put proper
discovery, governance and
protection at the top of their
priority list.”
Matt Aldridge, Senior
Solutions Architect at Webroot,
believes that there is an
assumption amongst businesses
that a cloud storage provider
will provide all of the necessary
security protection for the
cloud-hosted services.
“Although many of the
leading cloud service providers
are beginning to build more
comprehensive and advanced
security oerings into their
platforms (often as extra-cost
options), cloud hosted services
still require the same level of
risk management, ongoing
monitoring, upgrades, backups
and maintenance as traditional
infrastructure. Management
access controls, multi-factor
authentication, data encryption,
backups and SOC monitoring
of these platforms can
sometimes be lacking, or not
enabled or included as standard.
One of the main advantages
of cloud storage is the ease
and speed of deployment and
scalability, but these features
can also be a security Achilles’
Heel.
Default security posture
can vary between vendors and
rapidly prototyped solutions can
be brought into service without
adequate oversight from
security teams. We continue to
see reports of massive cloudhosted
le stores and databases
being left unprotected by
companies, leading to massive
leaks of condential, personal
and business data. To prevent
misuse and reduce the risk of
human error, it is critical that
like all other infrastructure
components, cloud storage
solutions are properly evaluated,
protected and maintained.”
According to Justin Dolly,
Chief Operating Ocer
& Chief Security Ocer
atSecureAuth Corporation,
cloud services are a fantastic
mechanism for companies to
potentially save money and
reduce the level of expertise that
is required within the company.
“ere is likely not a single
company in business today
that does not utilise some form
of cloud service from payroll,
to backup services, to human
resources. But shifting services
and data to the cloud can mean
relinquishing some control over
security and protections.
erefore, all cloud storage
vendors must maintain a certain
level of security control based
on the sensitivity of the data
that they are collecting, storing
and processing. And cloud
services vendors must establish
and maintain trust within the
community and the industry as
a whole. Everyone must assume
that it is not a matter of ‘if’ a
company will get compromised,
but ‘when’ to ensure every
precaution is taken.
© Gorodenko-stock.adobe.com
>
48 | Comms Business Magazine | August 2019 www.commsbusiness.co.uk
/www.commsbusiness.co.uk