Are your cloud-based collaboration tools huge security risks?

Some of the biggest threats to your company’s sensitive information may originate from the cloud – through the essential digital tools that your employees use to collaborate and share information. A hacker would have a tough time overcoming your iron-clad firewall, but by obtaining the username and password of a single privileged user, they gain access to sensitive information and files shared between colleagues stored in the cloud.

Do you know how secure your digital workplace actually is? The video below gives you some facts and figures about cloud security...

Low awareness of cloud vulnerabilities leads to big risks

A high level of knowledge is no longer necessary for hacking: plenty of ready-made scripts and tools exist that can cause trouble in the hands of even your everyday user.

“Even though it is becoming easier to gain illegal access to digital systems, there’s a general lack of knowledge about cloud security best practices,” says Maarten Leyman, cloud enablement and operations team lead at delaware. “The cloud isn’t secure if you don’t take the required actions. The big risk of the cloud is that it’s easy for a non-expert to deploy software without considering the safety implications.”

Some companies may believe that cloud operators like Microsoft automatically protect their data. “Microsoft is only partly responsible for the security of their clouds,” Maarten asserts. “Indeed, they’ve invested a lot in developing cutting-edge security solutions, but it’s something that the customer has to configure to their needs.”

“Businesses might not see the value of it, or maybe they’re not fully aware of the risks. But when a big company gets hacked, you see it all over the news. A data leak can bring about the end of a business.”

Security is not automatically built into the cloud

The digital workplace is particularly vulnerable, since most attacks stem from poor end-user password management. “Email is in the cloud,” says Maarten. “Microsoft offers a solution that scans emails, Teams content and SharePoint for malicious files – but if you want to secure your data, you have to invest.”

To demonstrate this general lack of in-built cloud security, Maarten sometimes stages a live mock attack of a business. “I’m no hacker,” he laughs. “This is just to prove how easy it is for the guy next door to obtain user names and passwords and then exploit compromised users’ permissions in email clients, SharePoint, etc.” 

A company’s IT team has little or no control over external devices accessing company email, something that has become commonplace – even essential – in modern businesses. “Mobile-first is the future, and it can open a back door to security problems,” Maarten says. “When you access your work email using your Android smartphone, do you worry about how protected it is? Probably not. The solution is to apply security measures that are active between the device and the cloud.”

Crucial advantages of working with an experienced partner

If your answer to “Is my business secure?” is not a firm “yes”, here are a few follow-up questions that lead you towards a better approach to cloud security:

• How much do you spend per year on security?
• Do you balance the value of your exploitable/hackable IT assets with the size of your security budget?
• How do you detect and monitor threats?
• What type of data do you protect, and how do you guard against data loss?
• How do you protect user identities?
• What would happen if somebody engaged in digital fraud using your name?

Once you have considered answers to these basic questions, working with an experienced cloud security partner like delaware offers important added advantages.

“We have developed a comprehensive Microsoft Office 365 security assessment that identifies the weak areas in your company’s digital workplace. After the analysis, our experts can help you ensure the best implementation of Office 365 security controls for your business. Even more, delaware has forged a unique partnership with security expert NVISO that combines our expertise in implementation and services into a customizable, integrated, 360-degree security solution,” Maarten concludes.

Safeguard your business against the security risks that come with the cloud, mobile devices and shadow IT.