Home / / SMBs failing to take responsibility for data in the cloud

SMBs failing to take responsibility for data in the cloud

Kaspersky Lab says that SMBs are over-reliant on cloud providers to protect client data

SMBs failing to take responsibility for data in the cloud
SMBs need to understand who is responsible for securing cloud services, says Frolov.

Small companies are increasingly reliant on the cloud to run their business, but many are failing to take responsibility for securing data in the cloud.

According to a survey by Kaspersky Lab, nearly two-thirds of companies (63%) of less than 250 employees are using one or more business-applications-as-a-service. Organisations are using cloud across a range of business areas in addition to applications such as allowing staff to work remotely, with the most popular SaaS services including email, document storage and collaboration services, finance and accounting.

However, cloud is also creating security risks and management burdens for IT. Forty-two percent of SMBs have experienced a security incident affecting cloud services, and 66% of companies have experienced difficulties in managing these heterogeneous IT infrastructures.

The situation is complicated by lack of trained IT staff in smaller organisations, with 14% of companies of 50 to 249 employees reporting that IT security management is trusted to staff who are not IT specialists.

Many organisations also believe that security is the responsibility of their cloud provider. Two-thirds (64%) of business of less than 50 employees (VSBs) are convinced that the provider is responsible for the security of document exchange applications, while 56% of SMB respondents shared this opinion.

The situation is further complicated by risky practices such as storing client data on personal devices, with 49% of VSBs and 64% of SMBs reporting this. SMBs are even less prepared for the results of data loss or breach, increasing the risk to their business.

Kaspersky Lab has warned that companies need to understand that data protection in the cloud is a shared responsibility. While cloud service providers need to uphold a sufficient level of protection, SMBs are responsible for access policies, setting strong passwords and proper configuration of services.

"To enjoy the advantages of cloud computing regardless of the growth stage they are in, businesses need to effectively manage an array of cloud platforms and services. Fundamental to this is being able to clearly recognize who is responsible for cybersecurity in IT infrastructures that are continuing to increase in complexity. Whether it is managed by internal staff or trusted adviser, cybersecurity cannot be overlooked," said Maxim Frolov, vice president of Global Sales at Kaspersky Lab. "All businesses should therefore establish a dedicated role within which the security of cloud platforms, sensitive data and business processes are kept under control."

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.