Businesses have been urged to strengthen their data security systems in the face of growing threats from cyber attacks. According to a new survey of IT decision-makers by the BSI, 56% of UK companies are more concerned about cyber security than they were 12 months ago.
The organisation also said many businesses are at risk of "sleepwalking into a reputational time bomb" because they lack awareness of how to protect their data assets. The findings suggest the security of online file sharing software and collaboration tools, as well as other cloud services, will come under greater scrutiny as more companies seek detailed assurances about the data they share in the cloud.
With analyst reports showing that cloud solutions continue to gain traction among organisations in almost every sector, it seems unlikely that the market's growth will be arrested by the increased security concerns of IT directors. Instead, businesses will put more time and effort into seeking out cloud services they trust to keep their data protected.
Cloud service providers - and that includes us here at Kahootz - can therefore expect to see their security credentials placed under the spotlight more frequently in 2015. For this reason, many buyers are likely to place increased value on independent certifications as proof of the robustness and reliability of a service provider's security controls.
There is a strong belief that providers with recognised security benchmarks such as ISO 27001 are better equipped to face the dangers posed by hackers and other online threats. The BSI survey found that 52% of organisations who have achieved ISO 27001 certification, which represents an internationally recognised best practice framework for information security management, are extremely confident about their resilience against the latest cyber attacks.
"Organisations with ISO 27001 can better identify the threats and vulnerabilities to their information security and put in place appropriate controls to manage and mitigate risks,” said Mike Edwards, information security specialist at BSI.
Secure collaboration in the cloud
Collaboration is a space that demands the highest security standards. Users need to know the data they share with external partners and potential suppliers, as well as sensitive internal information, is protected. They need total confidence in the cloud collaboration services they deploy, particularly when projects are held to tight timescales and even a minor query over security can significantly derail progress.
In the public sector, the security landscape for collaboration tools and other services offered via the G-Cloud framework is changing massively. In a move designed to make it easier for SMEs to do business in the Digital Marketplace (the new version of the CloudStore), suppliers no longer need to obtain Pan Government Accreditation (PGA) to verify the security of their product. Instead, they are required to make self-assertion statements on information security and provide documentation to support these assertions where appropriate.
Although it is perhaps too early to judge the full impact of this new approach, many commentators view it as a backwards step for security. Gartner has advised buyers that seek an accredited solution to "make that purchase within the next 12 months from an already accredited supplier", as existing PGAs will remain valid for that period.
In the short-to-medium term, it seems that buyers across both the public and private sector must shoulder a greater burden in terms of evaluating the security credentials of the cloud services they choose. But suppliers also have a key role to play in providing the security assurances they require, through a combination of reputation, certifications, robust technology and demonstrable expertise.