Protecting data in the cloud: Who’s responsible?

Is cloud storage more secure than on-premise?

While cloud storage is becoming an increasingly popular option for businesses today, it’s not necessarily more or less secure than on-premise. Rather, when it comes to cloud security versus on-premise, the answer is that it is highly dependent on how the data is being managed, encrypted and safeguarded.

So the most significant difference when it comes to cloud storage is for a business to ensure they have full disclosure over precisely what their cloud provider is protecting for them, and then go a step further to ensure the encryption and security measures are in place to safeguard them in case the first layer of protection fails.

Whose responsibility is it to ensure data is encrypted and protected in the cloud?

Contrary to popular belief, the cloud provider will not always provide the business with all the necessary tools to combat cyberattacks. It is up to the company to read the fine print to ensure they know what they’re getting from their cloud service provider (CSP).

As part of their usual agreements, CSPs generally only offer guarantees for their provided services, but not always for the customer’s data protection when on their servers. And it’s not just an issue of ‘lost’ data that employees mistakenly lay at the door of providers.

The assumption that cloud providers protect cloud data from ransomware attacks is potentially even more harmful. This is fundamentally incorrect and will continue to put businesses at risk.

The obvious solution is for a business to understand its CSP agreements and put measures in place that will help to restore mission-critical data if it’s lost or damaged.

What are some of the tools that enable IT departments to better optimise their cloud environments?

Multi-cloud environments are becoming increasingly complex to manage and businesses today have the added responsibility of safeguarding their own data within them, regardless of the CSP agreements in place.

The best way to ensure widespread protection of data is by asking for a little bit of help from experts in the field – that’s why we highly recommend businesses work with third parties who have the tools and expertise to automate security measure and relieve IT departments from the hard work.

What should businesses do to ensure their data is protected in the cloud?

In addition to deploying tools to help manage and automate protection, there are also a number of ways businesses can help maintain their data protection.

For example, having employees use a strong password or passwordless solution is an important way to increase the standard of protection within the business. Don’t be predictable when creating passwords, because the easier your password is to guess or crack with brute force, the faster a hacker can access your accounts.

This goes for encryption as well, which basically sets a password for all your most valuable files so that even if hackers get into your database, they won’t be able to access individual datasets.

Finally, two-factor verification is another way enhance your protection posture, as well as setting up user permissions to access specific data based on your organisational hierarchy. This ensures that staff only have access to the information they need to perform their jobs.

Read: Nearly 60% of UAE, Saudi firms need to boost cybersecurity spending, reveals report