UK businesses poorly prepared for cloud security risks
A recent report has suggested that many British businesses lack the tools, protocols and skills necessary to ensure that their cloud computing processes are secured.
According to a survey undertaken by open-source security company AlienVault, just over 28 per cent of 900 IT experts described the cloud security knowledge at their firms as “novice” or “not very competent”.
A mere 18 per cent of respondents described their organisation as having “guru-level” or “very competent” online security knowledge, suggesting that most companies generally lack confidence or the necessary skills.
Javvad Malik, a security advocate at AlienVault, says that though the cloud computing industry has evolved by leaps and bounds in recent years, organisations’ security practices have not kept up.
He added: “While cloud offerings can benefit companies greatly, they do introduce different types of risks that need to be understood and effectively managed by enterprises.”
The findings of AlienVault’s survey make for grim reading in the light of GDPR’s upcoming implementation in the UK, which will mandate data controllers and processes to be held accountable for any security breaches surrounding their customers’ data.
Malik says that the problem is being exacerbated by organisations being unaware of exactly how much of their data exists in the cloud, thanks to decentralised accounting, marketing and similar services.
Others may rely too heavily on cloud service providers to take care of everything from maintenance, to uptime and development, despite companies having responsibility for the data they store. Another problem is that security products are often seen as an “add-on” to cloud services, especially when free trials tick over into permanent services without the involvement of, for example, a firm’s security team.
“The beauty and the danger of cloud is that it is so easy to go from a trial to switching into a full production environment without making any changes,” said Malik.