This article was originally posted to the Microsoft 365 Growth Center blog.
For a long time, the cloud was considered the “wave of the future.” But the future has arrived. A great cloud storage solution not only allows your employees access to files anytime, anywhere—it also makes it simple to sync files, work on the go and share and coauthor documents with ease. But more than 50 percent of organizations find cloud storage to be the
riskiest cloud app category.
A big reason for that? Security threats. Despite all the data out there showing the cloud to be just as or more secure as on-premises storage, security remains the top barrier to cloud adoption, according to the Cloud Security Alliance. That’s why cloud security is one of the top concerns for providers—and why they spend so much capital making sure their products are secure. In fact, by 2019, the
global cloud security market alone will have reached an estimated $8.71 billion.
Still, not all cloud storage providers are created equal, especially when it comes to security. Even though it’s important to get a “good deal” on your enterprise cloud solution, it’s more important to ensure the security of your data. When researching cloud storage providers, be on the lookout for those that exhibit the following red flags—and avoid them like the plague:
No solid reputation—In this business, like many others, reputation is key. If a no-name company is offering a great price, make sure to investigate testimonials, recent downtime, experience, breadth of services, etc. before signing a contract. Also, remember that a smaller company might not have the capacity to manage your load, give your organization the attention you need or even be in business in five years’ time.
Non-HTTPS site—An HTTPS site is essential for proper security, because it secures any requests for personal information, such as forms. In addition, sites not encrypted with HTTPS allow for easy interception of login credentials. If your login credentials are discovered, hackers can access your files, steal your data and do a lot of internal damage.
Other security protocols missing—Any decent enterprise cloud storage provider will offer certain protocols, including encryption, which ensures the only people who can access your company’s data are those with proper login credentials. You’ll want a high level of encryption, such that your data won’t be compromised by prying eyes even if the cloud storage provider comes under legal action.
Weak privacy statement—When comparing online cloud storage providers, ask yourself, “How committed are they to protecting my data?” Find a service with a strong privacy statement, one that doesn’t give permission for that service to browse your files. Some are more stringent than others. Determine what is acceptable for your organization’s needs and choose wisely.
No mention of compliance standards—Meeting compliance standards and obtaining industry certifications demonstrate a provider’s capabilities and offer proof of reliable security. Looking at these certifications and met standards is an objective way of comparing each provider. Examples of compliance standards include ISO 27001, HIPAA, FERPA, FISMA, SSAE 16, PMI and more.
Vague service agreements—A cloud storage provider’s service agreements should offer enough transparency that you truly know what you’re getting. A provider should make clear commitments about what security controls it has in place, where data resides and who manages the underlying technology. How can you trust providers to protect your data if they won’t tell you how they plan on doing it?
There is no one-size-fits-all cloud storage solution. Every organization has different needs, and these needs should be reflected in your choice of an enterprise cloud provider. Whatever your solution and whoever your provider, though, security should remain at the top of your list of considerations.