Shared Publication

MARKET REPORT Cloud Storage “One of the main advantages of cloud storage is the ease and speed of deployment and scalability, but these features can also be a security Achilles’ Heel” Matt Aldridge, Senior Solutions Architect at Webroot FREE INSTANT-ACCESS ONLINE STORAGE There are many free to use on line storage offerings that are frequently changing in terms of the amount of data that can be stored before charges apply. The best known are as follows. • Google Drive: 15GB free • Box: 10GB free • OneDrive: 5GB free • Amazon Drive: 5GB (+ unlimited photos with Prime) • iCloud: 5GB free • Dropbox: 2GB free (up to 18GB with referrals) • BT Cloud: 10GB-1TB ‘free’ with BT broadband All clouds are not equal, and those sanctioned and managed by IT will likely be more secure and less at risk of a breach – but not always. e rst step is to accurately map any organisations cloud usage, and a CASB (cloud access security broker) solution is a good start. Once mapped, levels of risk can be identied, along with what specic kinds of threats an organisation might be susceptible to. Pinpointing these is much simpler by benchmarking against industry best practice and standards. But organisations should also be holding themselves accountable to these best practices. It’s about instilling a security culture, and that’s much easier to do from the start. Protecting data requires signicant controls but it always needs to be balanced against access. Organisations should be creating behavioural proles based on the normal usage patterns. ese proles account for variation between employees and enable security measures to be adapted accordingly. Automated alerts or hybrid cloud approaches (where some data is kept on-premises and other information hosted remotely) are further options that can be taken to bolster cloud security eorts. If businesses are to have any chance of exposing security blind spots and adequately protecting their sta and data, they need to put proper discovery, governance and protection at the top of their priority list.” Matt Aldridge, Senior Solutions Architect at Webroot, believes that there is an assumption amongst businesses that a cloud storage provider will provide all of the necessary security protection for the cloud-hosted services. “Although many of the leading cloud service providers are beginning to build more comprehensive and advanced security oerings into their platforms (often as extra-cost options), cloud hosted services still require the same level of risk management, ongoing monitoring, upgrades, backups and maintenance as traditional infrastructure. Management access controls, multi-factor authentication, data encryption, backups and SOC monitoring of these platforms can sometimes be lacking, or not enabled or included as standard. One of the main advantages of cloud storage is the ease and speed of deployment and scalability, but these features can also be a security Achilles’ Heel. Default security posture can vary between vendors and rapidly prototyped solutions can be brought into service without adequate oversight from security teams. We continue to see reports of massive cloudhosted le stores and databases being left unprotected by companies, leading to massive leaks of condential, personal and business data. To prevent misuse and reduce the risk of human error, it is critical that like all other infrastructure components, cloud storage solutions are properly evaluated, protected and maintained.” According to Justin Dolly, Chief Operating Ocer & Chief Security Ocer atSecureAuth Corporation, cloud services are a fantastic mechanism for companies to potentially save money and reduce the level of expertise that is required within the company. “ere is likely not a single company in business today that does not utilise some form of cloud service from payroll, to backup services, to human resources. But shifting services and data to the cloud can mean relinquishing some control over security and protections. erefore, all cloud storage vendors must maintain a certain level of security control based on the sensitivity of the data that they are collecting, storing and processing. And cloud services vendors must establish and maintain trust within the community and the industry as a whole. Everyone must assume that it is not a matter of ‘if’ a company will get compromised, but ‘when’ to ensure every precaution is taken. © Gorodenko-stock.adobe.com > 48 | Comms Business Magazine | August 2019 www.commsbusiness.co.uk /www.commsbusiness.co.uk