-By Stuart Scanlon, MD of epic ERP, and featured in IT Online –
South African businesses are now facing the truth that the cloud is an indispensable part of standard operating procedures required for the digital landscape.
The arrival of multinational data centres in the country, means more decision-makers are experimenting with transitioning their solutions and data to this online environment. However, the essentials of cyber security must never slip.
Data is fundamental in the connected environment and now more than ever companies rely on data analytics to draw insights and customise offerings. End-users must be comfortable sharing their personal information and safeguarding this information must be a business priority.
The reality is that nobody is safe, and no organisation can afford to assume they will not be targeted. According to the 2018 Cost of a Data Breach Study, the average cost of a data breach globally is more than R56 million. Given the complex regulatory environment when it comes to data protection, businesses can ill afford to only pay lip service to security.
Statistics show that almost a quarter of files in the cloud contain sensitive data. This can range from financial records to business plans. The same research found that sharing sensitive data with an open, public link has increased 23% over the past two years. Companies must do more to educate users on the risks associated with this.
The reality is that while the service provider takes responsibility for the data once it reaches their servers, the path the data takes to get there puts the onus firmly on the organisation. Companies must investigate the opportunities that private and hybrid cloud solutions provide.
Going the private or hybrid route provides a range of benefits. These offerings typically deliver automated, real-time, and exception-based options for organisations to carefully manage sensitive data.
According to Gartner, the biggest problem is not in the security of the cloud but rather in the control of technology. One of its most concerning statistics is that by 2022, at least 95% of cloud security failures will be the fault of the organisation and not the service provider itself.
These failures can link back to clicking on malicious links or misconfiguring servers and network devices. In fact, this has been classified as ‘inadvertent insiders’ (employees who unwittingly cause security incidents through negligent actions) accounted for nearly two-thirds of all data records that were compromised in 2017.
The human element
Human error being one of the most notable contributors to a lack of security, means that organisations must assess how they approach internal user education. Worldwide, most organisations admit that traditional security solutions do not work in cloud environments. Prominent risks are data loss, leakage, threats and breaches of confidentiality.
Clearly, anti-virus and firewall solutions are not comprehensive enough to protect against these threats. Everything from educating employees, encrypting data, implementing multi-factor authentication, limiting access control, testing security measures, and other elements must be considered indispensable.
By taking time to assess and strategise effective protection measures, organisations will be able to mitigate the risks inherent to data. Don’t be left open for attacks that can potentially result in the business having to close its doors.