We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,131 News Articles

Small businesses are moving to cloud storage despite having significant reservations

Security concerns are on the rise as more businesses entrust sensitive data to the cloud

Business use of cloud services for handling sensitive infomation is skyrocketing, and a new study finds that corporate anxiety about the security of that information is rising right along with it.

In the survey conducted by the Poneman Institute for the encryption key management company Thalus e-Security, more than half (53 percent) of the 4,205 business and IT managers surveyed said they were already sending sensitive data to the cloud. Another 31 percent of the respondents, from seven countries--the United States, Australia, Brazil, France, Germany, Japan, and the United Kingdom--said they expected to do so within the next two years. But what's even more interesting is that 35 percent of the companies surveyed said their firm's security exposure was worse as a result.

Richard Moulds, vice president in charge of strategy for Thales e-Security, said businesses should be concerned about the security of sensitive data in the cloud, even though most services promise to encrypt it. Once data leaves the premises, he said, businesses have little way of knowing how the encryption is managed. Small businesses in particular face increased security risks because their data is often kept on servers that host multiple customers.

Moulds likened most cloud encryption guarantees to providing a door lock without safeguarding the key. "It isn't about how well your door lock works. If you've got your key under a flowerpot on the front doorstep, there's not much point."

What small businesses can do

While small businesses generally cannot afford the enterprise-level encryption-key management that Thalus provides, Moulds said they can take steps to ensure the safety of data sent to the cloud, either through hosted infrastructure or specific applications.

First, a business should assess the level of sensitivity in the types of data it entrusts to the cloud in order to develop an encryption-key policy. Data can be encrypted in multiple places--for example, you might encrypt a credit card database on your own servers, in cloud storage, and in the applications that use credit card info. Businesses might spend less on encryption services for less sensitive data.

Mould also suggested that businesses that use cloud-based infrastructure consider using a different provider to manage encryption.

You can learn more about emerging standards and practices for cloud security at the web site of the Cloud Security Alliance, an industry trade group.


IDG UK Sites

OnePlus Two release date rumours: Something's happening on 22 July

IDG UK Sites

13in MacBook Air review, Apple's MacBook Air 2014 reviewed

IDG UK Sites

5 reasons to buy an electric car and 5 reasons not to

IDG UK Sites

Evernote Skitch: the best way for creatives to doodle feedback