This article was written for our sponsor, Technology Associates.

Microsoft OneDrive for Business, Dropbox Business, Box for Business, Google Drive Enterprise — with so many convenient and cost-effective data storage options, millions of businesses are looking to the cloud as an alternative to on-premise infrastructure.

While the cloud is certainly convenient, that convenience comes with its own set of hidden risks. Most troubling is the gap between businesses and cloud providers regarding who is ultimately responsible for security. In most cases, businesses assume the cloud provider is taking full responsibility for the safety and security of their data, but nothing could be further from the truth.

Eric Hobbs, CEO of Technology Associates, takes a more pragmatic approach to the cloud, having seen first-hand the gap in expectations between business and cloud solutions. For his clients, he recommends businesses take the decision to leverage cloud resources much more seriously and speak with a firm that can help explain the pros and cons of various options.

Cloud-based systems are at risk of the same concerns as traditional, on-premise infrastructure including service disruptions, improper access controls or password policies, cyberattacks/hacking, and data being exposed due to improperly configured systems. In fact, as more and more businesses leverage cloud resources, there is an ever-increasing focus on these targets from hackers.

A Forbes article stated, “Reports indicate that about 20 percent of enterprise data is currently cloud-based, a number that will increase leaps and bounds as new cloud-based technologies move into the picture. But while these new technologies have the power to drive transformation and innovation, they also create new opportunities and attack surfaces for threat actors to exploit.”

“Cloud-based offerings are a tremendous opportunity for businesses to reduce capital costs while increasing flexibility and access to data, but it is critical to understand your options, risks and responsibilities when evaluating how your business will leverage cloud,” Hobbs explained. “In many cases, you have less control over security than when resources are on-premise and oftentimes the responsibility for protecting your data is, by default and by user agreement, assigned back to you.”

Even for something as simple as moving email to O365 (Microsoft Office for business), a business needs to understand the default retention policy for deleted email as well as their options for changing the 14-day default.  In many cases, the default options available in O365 don’t meet a business’s (or regulatory needs) requiring the purchase of alternative O365 plans or even third-party products to ensure compliance.

Oftentimes businesses assume their data is “always backed up in the cloud” and they can recover anything from any period at any time, and it isn’t until something happens they find out otherwise.

In most agreements, when the cloud provider has agreed to house your data, they aren’t agreeing to protect it — meaning your sensitive information can be vulnerable to attack or exposure.

For example, take Amazon’s S3 bucket cloud storage system. While many files in the buckets are public by design, some buckets — and several containing highly sensitive data like medical records and Social Security numbers — are left open by accident, simply because the people implementing this technology didn’t do their homework regarding securing their data storage.

“Some businesses rush headlong into technology without really thinking of the consequences. Like when you take a deposit to your bank, you have a certain expectation that the bank is going to have appropriate security measures in place if something bad happens, they’re going to handle  it,” Hobbs said. “The way some businesses implement cloud looks like running down to PNC Arena, throwing a thumb drive up in the air, and thinking that everything’s good to go.”

With such high-security risks, what is it about cloud storage that has people coming back for more? The answer, in short: money talks. For many companies, when presented with the choice between a $25,000 in-house server upgrade versus $250 month for cloud storage leasing, the choice is simple.

While the cloud is initially cheaper, many businesses are starting to see the risks and more carefully weigh this equation.

Since companies all over the world use cloud storage, hacks can happen to any business, anywhere. In fact, there have been breaches right here in the Triangle area. For example, the Raleigh and Charlotte locations of healthcare solutions company Allscripts suffered a cyberattack in 2018 when hackers used ransomware to infiltrate their database. Most customers had issues accessing their information for a week, and tens of thousands of doctors, hospitals and healthcare providers were affected, leading to a class-action lawsuit against the company.

As cloud data breaches continue to plague companies all over the country, many states have started passing legislation that requires companies to notify users of hacks that affect their personal data, and instituting fines for those who fail to do so.

For those thinking of transferring their business’s information to the cloud, these higher stakes mean greater caution is recommended.

“Businesses need to understand these risks given changes in the data-breach reporting requirements. Regardless of where it is stored, businesses need to take responsibility for their data and take a more serious approach to security and business continuity as they continue to leverage cloud resources,” Hobbs said. “It’s not OK to throw your data on a cloud solution and cross your fingers that everything is secure.”

As legislation grows and hacking attempts increase, it’s crucial for companies to employ the utmost protection to their data, no matter what their storage solution might be. For those who use the cloud, increased safety measures may be required.

This article was written for our sponsor, Technology Associates.