For some time now many businesses have cited security as one of the main reasons not to adopt the cloud. However, a new report has highlighted the fact that many businesses don’t even have the most basic security levels and procedures in place at the business premises to prevent attacks.
By basic, we’re talking a lack of security solutions such as anti-virus software being implemented, as well as a lack of vulnerability scanning. In fact, NTT Groups’ 2014 Global Threat Intelligence Report found that many of the systems that they scanned whilst carrying research for the report had unpatched vulnerabilities for which patches had been available for over two years.
The report studied more than three billion real world attacks that took place in 2013 and the results should serve as a wakeup call for many a business. Further to this, is also highlights the fact that cloud services are, in general, better protected than a large majority of systems that are hosted at the business premises.
This is especially true when it comes to incident response planning. Data centres tend to have disaster recovery plans set out and available to their customers, yet according to the report a massive 77% of businesses have no plan in place to respond to an attack. This of course puts a company’s data and that of its customers under a huge amount of risk and also could have serious implications when it comes to the bottom line, the company profits.
Breaches which affect customer data are often subject to a large fine, and the cost of an attack can be massive.
So why are cloud services, such as hosted virtual desktops, safer than the average business network?
Often, a data centre which hosts anything from applications to an entire IT infrastructure will have a layered approach to security which the NTT report has highlighted that businesses don’t. This could include:
According to the report, very few businesses have even two of these solutions and it’s this that’s leaving them open to attack and putting their data at risk. To some extent this is worsened by the fact that there is a lack of understanding at board level when it comes to both the value of data and the level of risk.
The report suggests working with security professionals in order to mitigate this risk, but for many businesses, outsourcing to the cloud will be the better, less expensive choice.
For example, with virtualised products such as hosted desktops, not only are every day applications hosted away from the business premises, but so is the data that is produced. This takes the responsibility away from the IT department when it comes to the time to apply patches and allows for secure, backed-up data.
Attacks are becoming increasingly sophisticated and whilst governments around the world are creating cyber task forces, intended to help businesses to understand and alleviate risk, it’s clear that this isn’t enough in many cases.
More than half of the businesses studied in the report had not applied software patches and as these are needed increasingly more frequently, this leaves the organisation at serious risk of a data breach.
Many applications require software updates on a monthly basis, from Windows, to Office, to Adobe products, it’s an ongoing requirement. If these are hosted in the cloud however, and the data centre agrees in the SLA that it will carry out the necessary updates, then the company is protected without having to reconfigure the IT budget.
The report should serve as a wakeup call for many companies. These days we hear about a new potential threat on a daily basis, but in reality, attacks are happening on a minute-to-minute basis and it’s vital that businesses understand this and move to mitigate the many risks.
This means that they must put in place a solid response plan (they should do this even if moving to the cloud), ensure that sufficient security software and practices are in place, and consider all options when it comes to the best way to protect business systems and data.
Moving to the cloud can help businesses to do this as it’s generally more secure than the average office. Since cloud services are also often paid on a month-by-month basis, it also means that companies can avoid the capital expenditure that might be necessary in order to bring security up to scratch.
Security is the responsibility of every business and it doesn’t have to be hugely expensive to get it right. Utilise cloud services and it’s highly likely that most businesses will be at least half way to ensuring that they are protecting their data as much as possible.