Head in the clouds: cyber risks and data protection

Author: ICAEW Insights

Published: 28 Oct 2022

There is a common misconception that in moving to cloud-based systems, your technology environment is less secure. ICAEW’s Head of Data Analytics and Tech, Ian Pay, explores why this isn’t necessarily the case.

Most organisations have now embraced cloud computing to a greater or lesser extent. But for those who are still unsure, risks surrounding security are among the most cited concerns, with data privacy frequently topping surveys exploring cloud-computing challenges. 

But cloud computing can actually deliver a more robust security environment than legacy systems. Instead of the cyber-security challenges of cloud computing, let’s spend a little time talking about the opportunities.

Could the cloud be a better option?

In short, yes. By using cloud-based systems, you can rely on the infrastructure and support of dedicated providers, whose job it is to store and look after your data. With the best will in the world, a small team of IT specialists looking after an in-house system is unlikely to be able to match the resources of global cloud-hosting megacorporations. 

This matters when it comes to cyber security. The likes of Amazon, Google and Microsoft have entire teams and systems dedicated to threat prevention and monitoring. If someone is trying to access your data, then the chances are they’ll catch it before you’ve even turned your laptop on.

Even when dealing with highly confidential data, the notion that it must be kept on premise due to security concerns is flawed. In modern cloud-hosting environments, it is possible to identify and ring-fence data for additional levels of security in a way that can often be harder to implement in smaller-scale, locally hosted solutions. 

If you want to make it impossible for users to download confidential data from cloud environments, this can typically be enforced with just a few clicks. Because cloud platforms usually enable better, automated integrations between solutions, the security risks associated with manual movement of data files are also reduced.

It’s also worth noting that cloud-based systems receive regular updates and protection against the latest threats in a way that legacy, on-premise solutions often do not. For many organisations, it is these legacy systems that are the weak link, requiring constant patching and monitoring. They are also the systems that cyber criminals most commonly look to exploit as back doors into the wider environment. 

Last, but by no means least, the threat from breaches of physical security is reduced by simply not having physical infrastructure that needs protecting. If your data is in the cloud, you don’t have to worry about who has access to your data room any more.

Safety first

Of course, cloud computing is not risk-free, and particularly in this world of hybrid working it pays to take some basic steps to ensure that the security of your cloud storage isn’t compromised. First and foremost, understanding a little about what you’re working with can go a long way to having a secure cloud environment. Concepts of network configuration, resource management and encryption can be overwhelming for cloud novices, which is why there is no shortage of training and guidance available online, often for free (for example Microsoft’s Azure Fundamentals courses, or Amazon’s AWS Cloud Quest).

The step that should hopefully come as no surprise is multi-factor authentication (MFA). Ensuring that your staff must, in some way, validate their access to the cloud platform is vital, but it needn’t be cumbersome: MFA can range from codes by text, email or authenticator apps to IP-address allow lists, device tokens or use of VPNs to provide a secure tunnel between a user’s device and the cloud. MFA is by far the best way to ensure that your data stored in the cloud can only be accessed by those who need it.

It is also important to understand what undertakings your cloud-service provider has made to ensure the security of the environment. Have they completed relevant certifications such as ISO 27001? Do they perform regular tests? What monitoring do they have in place and how transparent are they about this? While most major cloud-service providers are on top of this, it is by no means guaranteed and is always worth checking before signing up.

Another area to be clear on is the nature of any backups of data stored in the cloud, and who is responsible for managing them. Should the worst happen, you want to know that you can restore a current copy of your data and be back up and running swiftly. Again, many cloud providers will manage this for you, but it is worth knowing the specifics, particularly around the frequency of the backup, as businesses that work with high data volumes may find a nightly backup is insufficient.

It would be remiss to suggest that cloud computing is always the right answer. But the scenarios where it isn’t are becoming less and less prevalent, and there is a good case to be made for cloud computing delivering more secure environments, provided some simple cyber-hygiene steps are adopted.

Cybercrime Awareness Month 2022

ICAEW marks the global Cyber Security Awareness Month with a series of webinars, videos, podcasts, a panel discussion and other resources addressing cybercrime and how to protect your business. We will focus on the latest trends as well as supply chain risks and concerns.