Colorful umbrella in the rain

A recent study indicates that company’s might underestimate security issues when planing their cloud projects.

The cloud has come to stay, at the latest due to the pandemic, cloud applications have established themselves for the concept of remote work – that is, working outside of fixed office locations. But cloud applications also lend themselves to better linkages with peripheral systems, more flexible customization and the use of analytics.

The great concern about security in the cloud has now subsided to the extent that the necessity of cloud solutions often outweighs the doubts. Nevertheless, companies should keep a few things in mind when it comes to making the migration secure.

IDG Research Services, in collaboration with TÜV Süd, surveyed more than 350 companies from the DACH region for a study on cyber security in the cloud. You can download the German study in full here. The study shows that security in general is still an important topic. However, many company’s fail to implement the right measures and steps to implement compliant and secure cloud solutions.

Based on the study, we compiled four tips necessary to ensure a secure start into cloud projects.

Don’t just look at the price when making your selection

According to the survey, the price/performance ratio is more important to companies (36%) than the provider’s know-how (28%). However, different industries, legacy systems and requirements need a skilled implementation and potentially individual solutions to make sure that all interfaces and data are securely connected. If a provider does not have the right know-how of specific requirements (industry, legal, protection) it’s up to your internal IT to do the heavy lifting to make sure that the project can be implemented securely.

Providers who also offer implementation and optimization services in addition to the cloud, or have certified implementation partners, can support your team with the right skills and expertise when it comes to cyber security. For example, larger companies in particular are increasingly (43%) relying on external, so-called security operations centers to provide support.

Involve your internal IT right from the start

Around a third of all surveyed companies integrate their own IT security right at the start of a cloud project. Every fifth company picks a provider without input from their internal IT. Especially companies with fewer than 1,000 employees are more reluctant to involve their IT early in the decision-making processes.

While IT should not decide alone when it comes to cloud solutions, compliance and security requirements should be given high priority during the selection process, which is why it is essential to involve the company’s own IT when designing the requirements catalog.

In addition, it should be clear who has decision-making authority and expertise for security topics. The study showed a disconnect between executives claiming they had involved IT security (41 %) and security officers confirming this (29 %).

Adjust your security budget

Circa 39 % of all companies surveyed increase their security budget when moving from an on-premise solution to a cloud solution. 43 % do not change their budget. One in ten companies reduce their budget.

The latter ignores the fact that switching to the cloud sometimes requires different or new security measures. Especially at the beginning of a cloud project, additional budget should therefore be made available. This way, resources can be put into new security requirements and the implementation can be done immediately and not as an afterthought.

Train your employees

Remote work via cloud applications in particular is rated by many respondents as more insecure than in the office. Again, larger companies are less concerned about seucirty issues compared to smaller companies. In addition, those responsible for security assess the risk to be significantly lower than the surveyed department heads. For example, 52% of all security officers consider cloud-based work outside the office to be safe or very safe. On the other hand, only 42% of business departments agree.

Mistrust can cause problems when implementing new technical solutions and processes. It is therefore important to inform and train employees, so they know best practices for safe working in the cloud. This also strengthens your company’s cloud security in general. After all, one of the biggest risks in any security strategy is human error.

Especially when using mobile devices or working remotely, employees need to know how to protect data and lower risks. This can be teaching about strong passwords and two-factor-authentification. But it can also mean informing about the risks of reading confidential emails in public or leaving the laptop open at home when others are around.

By the way, there are numerous measures for user safety awareness. You can do workshops, online quizzed or even test attack scenarios to see how employees react to phishing emails, etc.

All-around security with Security Operation Centers, advanced training and stress tests for your cyber security. Find out more about our services for protecting your data and corporate IT on our new DIGITALL website.

New call-to-action