According to a recent Survey by Clutch, a leading B2B ratings and reviews firm, small to medium-sized businesses (SMBs) despite growing warnings from industry experts, 25% risk data security if they use free cloud storage. The report reveals that 11% of SMBs are storing banking information and 14% are storing medical records in free cloud storage. Clutch explains their findings about the sensitivity of medical and banking information in cloud environments.
“Storing sensitive data in free cloud storage is an ill-advised and irresponsible business practice since necessary security measures are often lacking, according to cloud experts interviewed for the report. Businesses that store banking or medical information are required to comply with the Payment Card Industry Data Security Standard (PCI) or Health Insurance Accountability and Portability Act (HIPAA).”
The survey is the 2nd annual iteration of Clutch’s Small Business Cloud Storage Survey, and included 293 SMBs who use cloud storage services. All businesses have 2-500 employees. The Clutch survey found largely, that SMBs have high faith in the cloud’s security, with 87% saying that it is either very or somewhat secure. Despite this, though, security is still the top consideration for SMBs shopping for a cloud storage provider.
“If you need to be HIPAA compliant or PCI compliant, you should be using the highest level of security that you can obtain, and usually that’s not present on most free cloud storage accounts,” said Jeff Alerta, Director of Technology at Inverselogic, Inc, a technology and web solutions company.
Mark Estes, Regional Director of Sales at Qubole, a self-service platform provider for big data analytics, says that this relates back to the behavior of the users themselves: “You have the people [who] agree that the cloud is secure. But they also understand the caveat that it is only secure if you use it in the correct manner… There’s a lot of things that go into how you secure the cloud.”
Overall, experts emphasize that a cloud storage service’s security doesn’t matter if its users aren’t trained properly. The weakest link is typically the user.
“I recently did some penetration testing for a financial company,” said Jacob Ackerman, CEO of SkyLink Data and Business Services, a hosting provider. “Our job was to determine weak points. We used a fictitious email address and I was able to get their CFO’s password with a spear phishing attempt within 15 minutes. So from that point forward, who cares how good your encryption is?”
For the complete report, visit: https://clutch.co/cloud/storage#survey
Download our Free Cloud Computing Platform Buyer’s Guide for a closer look at product key features and capabilities.