How MSPs can help SMBs lock down data in the cloud
Giving IT managers the tools to detect and eliminate threats are among the best ways to keep sensitive data safe
There's no doubt the increasing use of cloud storage among organisations has changed the way most people work. The ability to access files and folders from anywhere in the world on whatever device you want has revolutionised modern business - paving the way to flexible working and a much happier workforce.
But these benefits have not come cheaply. The act of an organisation entrusting the safety of its data to a third party has made data security arguably harder, and here, there are some clear opportunities for managed service providers and value-added resellers to take advantage of.
Organisations are worried about their data in the cloud
Given that cloud storage has been knocking around for a few years, we recently commissioned research into the perceptions of cloud storage, to identify how secure small to medium-sized businesses (SMBs) believe the cloud is.
The findings showed that organisations are still wary of the security of their data in the cloud, despite its relative maturity. A majority believe their organisation's data is inherently "unsafe" in the cloud, while half believe that on-prem storage is safer.
The main risk is unauthorised access. The fact that any employee can access data from anywhere in the world means an attacker could potentially do the same if they can obtain the login credentials. Moreover, unauthorised access can wreak havoc for an organisation given how difficult it can be to detect.
They don't know what to do about it
The fact organisations are worried about their data in the cloud, and detecting unauthorised access is difficult, means many are taking data security to the extreme. Many businesses rely on the native security of their cloud storage provider, and they monitor access to sensitive files and folders every day.
Our findings in this area were unbelievable because it means organisations are spending a huge amount of time manually monitoring access, which is expensive and simply unpractical. Many others, meanwhile also rely on the native security of their cloud provider, but either don't monitor regularly or only after a breach, which is equally as bad. Clearly, when it comes to monitoring, organisations are either doing it inefficiently, irregularly or not at all.
Channel Pro Newsletter
Stay up to date with the latest Channel industry news and analysis with our twice-weekly newsletter
They're under pressure to protect their clients' data - not just their own
All organisations store potentially sensitive data about their clients or suppliers, whether personally identifiable information or confidential business plans. But with an increasing reliance on cloud storage and collaboration, the potential for leaking client data has risen, so it's no surprise that supply chain attacks are on the rise.
It's also, therefore, no surprise that more and more businesses are choosing their suppliers based on the strength of their cybersecurity. Having an effective cyber-posture can now be the difference between winning and losing new business, as well as the difference between keeping old clients.
The opportunity for MSPs and VARs
All of these issues provide great opportunities for managed service providers (MSPs) and value-added resellers (VARs) to help. But what is the solution, and how can you take advantage of it?
Just a tenth of organisations are using third-party software to monitor their data across their storage environments, which highlights a clear gap in the market to help solve an issue that has existed since cloud storage began.
Technology now exists that can continuously monitor access to files and folders across cloud and on-premises servers, alerting IT teams to any suspicious behaviour - significantly reducing the risk of unauthorised access, data leaks.
Specialist third-party monitoring software can also flag all types of suspicious behaviour, like access at an unusual time of day or access from a new device or an unusual location. If IT teams know about suspicious behaviour, then they can take measures to mitigate the damage, whether it's blocking that access or forcing a password reset. This kind of technology can serve as one of many useful ways for organisations to protect the data stored in the cloud.
François Amigorena is founder and CEO of IS Decisions