Guest Column | October 1, 2020

How VARs And MSPs Can Help SMBs Secure Data In The Cloud

By Fran├žois Amigorena, IS Decisions

Security Lock

The increasing use of cloud storage platforms has changed the way companies work. Being able to access files and folders from any device you want, and from anywhere in the world has revolutionized modern business. Benefits include enhanced productivity and increased employee collaboration.

However, these benefits don’t come for free. Trusting a third party with your sensitive corporate, customer, or employee data is pretty difficult for organizations because it makes data security arguably harder. This is a big opportunity for managed service providers (MSP) and value-added resellers (VAR) and they need to take advantage of it.

SMBs Are Worried About Their Data Stored In The Cloud

With the use of cloud storage among businesses on the rise, we recently commissioned research into the perceptions of cloud storage security for small to midsize businesses (SMBs).

The findings showed that 61 percent of SMBs don’t trust that their data is safe in the cloud, and nearly half of them (49 percent) believe the native security of their current cloud storage provider is not strong enough to protect their data.

Those with hybrid storage (on-premises and cloud) infrastructure are especially struggling with security. The reason they’re struggling is that they don’t have consistent security across IT infrastructures and keeping track of the security across on-premises and cloud storage environments without a single consolidated view is challenging.

The Fear Of Unauthorized Access

Once you start to unpick these perceptions of cloud storage, the reasons why they still exist become clear. We found the main worry comes from detecting unauthorized access, and the havoc it can cause.

With cloud-based storage, the ease of sharing data among teams and simple integrations their storage can have with other cloud applications significantly increases the prospect of unauthorized access. From a productivity point of view, that makes complete sense, but from a security standpoint, it’s a nightmare.

What would stop an attacker if they can obtain corporate credentials? If an employee’s login credentials were to fall into the wrong hands, a perpetrator could, in theory, gain access to sensitive files and folders from anywhere in the world using any device.

Bad Decisions Come From This Fear

Using the cloud now is almost a mandatory part of business, and those that don’t take advantage of its benefits are ultimately shooting themselves in the productivity foot. SMBs are therefore looking for “roundabout ways” to try and balance security and productivity. Not knowing really what to do leads to some pretty bad decisions:

For example, when it comes to monitoring data in the cloud, SMBs are either doing it inefficiently, irregularly, or not at all.

  • We found most organizations (80 percent) just rely on the native security of the cloud provider.
  • Of those 80 percent, 42 percent monitor access manually every day. This is an incredibly time-consuming and complex task, and of course, prone to human error.
  • Just over a third monitor access on an ad hoc basis (38 percent). This is less time-consuming but more prone to missing an attack or finding out about it too late.
  • And, worryingly, 9 percent don’t monitor access at all, which makes identifying the source of a breach incredibly difficult when it inevitably happens.

Our findings in this area were unbelievable. It means that SMBs are spending a huge amount of time manually monitoring access, which is expensive and unpractical while some others don't monitor regularly or only after a breach, which is equally as bad.

It’s Not Only About Protecting Your Own Data

Another roundabout decision we found is that 21 percent keep their most sensitive data on-premise because they don’t trust its security in the cloud.

But when asked what constitutes sensitive data, only 74 percent stated their corporate credit card data was sensitive, 71 percent said their employees’ personal information was sensitive, just 62 percent said client contact details were sensitive, and worryingly, only 53 percent said their clients’ data was sensitive!

Understanding what is deemed sensitive is the first help some SMBs need.

More and more organizations choose their suppliers depending on the strength of their cybersecurity strategy. Business-wise, it’s extremely important to demonstrate you have an effective cyber-posture as it can make the difference between winning and losing new business, as well as retaining old clients.

The Opportunity For MSPs And VARs

This whole trust issue provides great opportunities for managed service providers (MSPs) and value-added resellers (VARs) to help SMBs. But what’s the solution, and how can you take advantage of it?

Only 10 percent of SMBs are using a third-party solution to monitor their data across their storage environments. This shows a clear gap in the market that can help solve an issue that has existed since the beginning of cloud storage.

Solutions now exist that can continuously monitor files and folders access across cloud and on-premises servers, alerting IT teams to any unusual behavior. This significantly reduces the risk of unauthorized access and data leaks.

Third-party monitoring solutions also can flag all types of abnormal behavior, such as access at an unusual time of day or access from a new device or an unusual location. If IT teams know about abnormal behavior straight away, they can then take measures to mitigate the damage. This kind of technology can be one of the many useful ways for organizations to protect their data in the cloud.

About The Author

FrancoisFrançois Amigorena is the founder and CEO of IS Decisions and an expert commentator on cybersecurity issues. IS Decisions software makes it easy to protect against unauthorized access to networks and the sensitive files within. Its customers include the FBI, the U.S. Air Force, the United Nations and Barclays — each of which rely on IS Decisions to prevent security breaches; ensure compliance with major regulations; such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department.