For many small businesses, cloud storage offers efficiency, data mobility, and greater security than they are able to implement in an on-premise solution.
Yet, that security is only guaranteed if a small business is correctly using their cloud storage – including implementing additional security measures and following necessary regulations.
Clutch, a B2B research, ratings, and reviews firm, recently surveyed 300 IT decision makers at U.S. small businesses using cloud storage.
Clutch approached Patrick R., Intuz’s Head of Strategy, to offer expert analysis on the data.
Clutch’s survey report offers insight into small businesses’ cloud storage providers’ security.
Small Businesses are Confident in Cloud Storage Security, But Risks Remain
Nine in ten small businesses are “very” or “somewhat” confident in their cloud storage provider’s security. This is up 3% from the 2016 survey.
Yet, small businesses may be putting sensitive customer data at risk by not following critical industry regulations. Over 60% of small businesses that store customer credit card and banking information say they do not follow industry regulations, while 54% of small businesses that store medical data say the same.
Businesses storing customer credit card/banking information or medical data should be following the Payment Card Industry Data Security Standard or the Health Insurance Portability and Accountability Act, respectively.
Patrick of Intuz listed multiple reasons why these small businesses may not be following required industry regulations, including:
- Auditing of the compliances
- More efforts to manage and maintain it
- Budget implications
Patrick discusses the implications of a small business storing credit card information and not following PCI: “If any application stores customer credit card or banking information, then they need to be PCI DSS compliant. Otherwise, the trust of end user will not be gained, and if any data gets stolen then there is a chance it will lead to big issues in their business.”
Nearly three-fourths of small businesses are following the International Organization for Standardization’s (ISO) regulation for protecting data in the cloud, though. While this regulation isn’t often as critical as PCI or HIPAA, it offers key support for cloud storage security.
Patrick said that ISO might be so popular due to three factors:
- Controllable infrastructure
- Repeatable testing
- Automatic traceability
What Should Small Businesses Do to Protect Their Cloud Storage?
These risks may lead small businesses to hesitate before committing to cloud storage for their data. However, cloud storage offers numerous benefits, including increased security compared to an on-premise solution – when used correctly.
Patrick offered two key recommendations for small businesses seeking to protect their data in the cloud:
- “Implement a strong encryption plan. We can implement client side or server side encryption method for data which are stored in the cloud.
- Provide limited access. Define the set of rules to access the data for securing clouds.”
Both of these behaviors can help protect your cloud storage from both employee error and outside hackers.
Encryption is powerful because it requires almost no involvement from users to remain secure.
“Encryption provides security to data at all times,” said Patrick. “Encryption works during data transport or at rest, making it an ideal solution no matter where data is stored or how it is used.”
Limited access is crucial because every additional user added to your cloud storage increases the risk of a security breach.
To learn more, read Clutch’s full report on cloud storage security.