The recent, continuing spate of data breaches at companies big and small has highlighted the fact that companies are increasingly unaware of the security policies they need to implement. It also stems from the fact that more than 90% of small businesses feel that their data in the cloud is secure. Many of these companies do not give importance to strong cloud storage security policies such as strict adherence to two-factor authentication. Shockingly, 60% of the small businesses that store their customer credit card and financial information in the cloud take their compliance issues lightly, with many of them not following the standard procedures for maintaining cloud storage security. This is because these small businesses have not designed or added their own security requirements, and most probably have not inspected or looked deeply into the types of controls and the compliance status that their cloud service providers offer. Yet this has to be the first step for any small business planning to put data in the cloud: properly assessing the security controls provided by the cloud service provider. They should take time to inspect whether the security given by the service provider is enough to protect consumer data and meet compliance standards. While it is true that small businesses do not have adequately trained staff to perform an in-depth risk analysis, they can at least ask their cloud service providers for help in obtaining compliance reports as well as audit and control attestations. Consulting firms should also help small businesses interpret the reports if they need assistance.
Cloud security is a shared responsibility between enterprises and cloud service providers. So even if the service providers have their internal security measures in place, small businesses cannot shrug off their own responsibility for cloud storage security. The first step is to have strong account security controls for access to the administration console and services of the cloud provider. There has to be flexibility in password strength and policy creation that enables users to have strong, long passwords. Passphrases are the best form of resistance to brute-force attacks when compared to passwords that mix letters, numbers and special characters. Cloud service providers do support the use of multi-factor authentication (MFA), in which logging in is achieved not just with a simple username and password but also with one-time-use PINs, which are sent to the user's mobile device or email. This popular form of two-factor authentication can be readily customized to the requirements of these small businesses. Enterprises can also make use of other tools that help with proper implementation and integration of these security features, making it simpler for them to actively deploy multi-factor authentication as long as they have at least mobile devices. Small enterprises can seek assistance from their cloud storage providers to actively pursue security measures so that cloud storage security is achieved and regulatory compliance is met.
All businesses, big or small, should actively pursue data protection when they store sensitive data in the cloud. As a matter of fact, some controls already come attached to the cloud provider's services when they take up the cloud storage facility. But in addition to data security and access controls, small enterprises need to look into security monitoring and alerting systems. Nevertheless, a strong, dedicated staff focused on cloud security is essential; otherwise account hijacking and other cyber attacks may go unnoticed right under their noses. Cloud providers can help enterprises set up security controls and staff training. They can even offer some good tools that help identify suspicious behavior. Ideally, even small enterprises should follow the practice of keeping cloud backups and other basic practices that go a long way toward maintaining cloud storage security and achieving compliance standards. This can be achieved with the assistance of third parties such as cloud security providers, among which CASB solutions come out on top.