Small companies are increasingly reliant on the cloud to run their business, but many are failing to take responsibility for securing data in the cloud.
According to a survey by Kaspersky Lab, nearly two-thirds of companies (63%) of less than 250 employees are using one or more business-applications-as-a-service. Organisations are using cloud across a range of business areas in addition to applications such as allowing staff to work remotely, with the most popular SaaS services including email, document storage and collaboration services, finance and accounting.
However, cloud is also creating security risks and management burdens for IT. Forty-two percent of SMBs have experienced a security incident affecting cloud services, and 66% of companies have experienced difficulties in managing these heterogeneous IT infrastructures.
The situation is complicated by lack of trained IT staff in smaller organisations, with 14% of companies of 50 to 249 employees reporting that IT security management is trusted to staff who are not IT specialists.
Many organisations also believe that security is the responsibility of their cloud provider. Two-thirds (64%) of business of less than 50 employees (VSBs) are convinced that the provider is responsible for the security of document exchange applications, while 56% of SMB respondents shared this opinion.
The situation is further complicated by risky practices such as storing client data on personal devices, with 49% of VSBs and 64% of SMBs reporting this. SMBs are even less prepared for the results of data loss or breach, increasing the risk to their business.
Kaspersky Lab has warned that companies need to understand that data protection in the cloud is a shared responsibility. While cloud service providers need to uphold a sufficient level of protection, SMBs are responsible for access policies, setting strong passwords and proper configuration of services.
"To enjoy the advantages of cloud computing regardless of the growth stage they are in, businesses need to effectively manage an array of cloud platforms and services. Fundamental to this is being able to clearly recognize who is responsible for cybersecurity in IT infrastructures that are continuing to increase in complexity. Whether it is managed by internal staff or trusted adviser, cybersecurity cannot be overlooked," said Maxim Frolov, vice president of Global Sales at Kaspersky Lab. "All businesses should therefore establish a dedicated role within which the security of cloud platforms, sensitive data and business processes are kept under control."