Cloud Computing and Data Protection

What You Need to Know

Cloud Computing and Data Protection: What You Need to Know

In an age of digitalization, the issues of cloud computing and data protection are extremely significant to almost every company. But many decision-makers remain concerned about security when migrating their data to the cloud. SoftwareONE shines a spotlight on the trend of Cloud Computing, presents possible vulnerability scenarios, and takes Office 365 and Symantec as examples of how the benefits of the cloud can be exploited without being exposed to additional security risks.

Increasing numbers of our customers are exploring the opportunities of Cloud Computing. The benefits are plain to see. Cloud Computing is a revolutionary, affordable and uncomplicated technology that provides companies with immense flexibility in the completion of ongoing tasks. You are able to use practically unlimited computing power and storage capacity – available on tap and only as much as you currently need! What’s more, data must be accessible on every device from anywhere in the world.

Watch out! Shadow IT as an Underestimated Security Risk

If you ask suitable IT experts in a company how many cloud applications they believe are in use, the answer will always be more or less the same: “We use no more than 30 to 40 cloud applications.” But the security company Symantec claims that on average, 812 applications are operating in the cloud at German companies. Specialists use the term Shadow IT. It includes cloud apps like Xing, which enable data exchange up to 100 MB.

Were You Aware of That?

Do you know which data is transmitted, when it is sent and where it goes? Most companies would have to respond to this question in the negative. It is advisable to seek technical support from security experts in order to assess the risk to your environment. Symantec, for instance, provides a free risk assessment service.

In most cases the employees do not act deliberately. Quite simply, it is an inevitable consequence of requirements in everyday business routines. It is normal in an age of globalization that your employees would like to share information quickly and flexibly across international borders to avoid falling behind the competition. Of course you could prohibit all cloud services, but blocking them will not solve the problem.

So it is essential to listen to the requirements of your staff and to give them the opportunity to benefit from cloud-based solutions without endangering security or exposing the systems to additional risks.

Appearances are Deceptive! There are Risks Lurking in Free Security Solutions

Office 365 by Microsoft is an immensely popular application. And it is all the more gratifying that Microsoft includes a raft of security solutions free of charge. But they must be perceived as add-ons to the existing IT security infrastructure.

A glance at the latest Internet Security Threat Report by Symantec plainly indicates that the threat landscape remains complex and that built-in security features in Microsoft Office 365, Google Apps and other cloud-based email and productivity solutions are not up to the task of providing companies with blanket protection.

The analyst firms Gartner and Forrester also confirm this assessment, agreeing that the major security vendors like Sophos, Trend Micro and Symantec still lead the field by far:

Source. Gartner
Source: Forrester

What Ideal Protection for Your Cloud Data Looks Like

We will use Office 365 as an example to demonstrate how quite basic protection sometimes falls short, and why you should still trust in specialists if you want to enjoy your new freedom safely.

1. Protection of Office 365 e-mail against spam, complex malware and phishing attacks

Office 365 contains signature-based anti-malware and antispam features. Other services/add-ons are needed to protect against complex threats like zero day attacks. The built-in security functions in Office 365 are not always effective enough to throw up a shield against today’s highly evolved attacks.

For instance, the phishing link protection in Office 365 only uses blacklists of known, malicious URLs. But criminals frequently get round these blacklists by inserting abridged links that redirect multiple times before reaching their actual destination.

The Symantec Email can be a solution to upgrade your security and accommodate this situation.

Your benefits:

  • Intelligent source link tracking in real time
  • State-of-the-art heuristic technology based on over 8.4 billion email messages and 1.7 billion Internet requests (Skeptic)
  • Industry-leading service level agreements (SLAs) with guaranteed results, practically 100 percent protection against known and unknown email viruses with essentially no false-positive reports

2. Protection against complex threats and targeted attacks

Advanced persistent threats (APT) is the name given to this kind of attack. They are targeted threats that remain a clear and present danger.

A study by the professional association ISACA indicates that 33 percent of companies are unconvinced that they are prepared for an APT or that they will be able to respond appropriately to an attack. Protection against these many-faceted risks requires multi-layer solutions and smart security.
The security solution built-in to Office 365 does not always provide complete protection against the complex, targeted attacks to which customers are exposed in the modern business environment.

They do not have suitable tools to correlate email, device and network analyses and hence to detect perniciously camouflaged and extraordinarily tenacious attacks. Moreover, they lack functions with a rapid display of attack details, to recognize how all the incidents are related and to scan control points for the artefacts of an attack. It is therefore practically impossible to establish context and to visualize malicious activities in the current environment. In consequence, they are not able to prioritize incidents and to immediately quarantine and neutralize the attacks throughout the entire company.

You can complete your protection and shape up for APTs for example by using Symantec Advanced Threat Protection

Your benefits:

  • Detect and analyze complex threats on your devices, in your network, your email systems and in your Internet data traffic
  • Prioritize the most urgent tasks
  • Neutralize complex attacks in minutes

3. Backing up your confidential information in Office 365 Exchange

The data loss prevention and encryption features that Microsoft has built into Office 365 are rudimentary and only offer basic protection. The limited available methods for content detection in Office 365 (restricted document fingerprinting and basic functions for digital watermarking) lead to a greater number of false positives, increasing the workload for the IT department. Options to neutralize incidents and to automate workflows in Office 365 are limited to simple messaging and blocking functions. Do not skimp in the protection of your confidential information. Symantec Data Loss Prevention is one of the good solutions on the market. Your benefits:

  • Simplified tasks such as policy management, reporting and incident neutralization
  • Powerful date protection – Symantec DLP Cloud Service for Email
  • Central dashboard and uniform DLP control mechanisms for all cloud services and local environments
  • Seamless, policy-based encryption

4. Access control with secure authentication

Identity protection is the lock to the front door of cloud services. It prevents attackers from gaining entry and ensures that employees receive access to the cloud apps they need. Implemented correctly, it also improves user-friendliness by enabling a transparent login procedure. Authentication in Office 365 is restricted to options such as out-of-band messages (text and voice) and messages via mobile devices. This means that secure and convenient options such as biometric, risk-based and hardware-based login information is not available. Office 365 only offers single sign-on and authentication for Office 365 applications. Exclusively Active Directory (AD) and Microsoft Identities are supported. Customers that perceive authentication and access control as integral elements in their security strategy – based on more than just individual applications – will find these options inadequate.

Use Symantec VIP to grant certain users – and only these users – access to your Office 365 service.Your benefits:

  • Improved security without restricting user comfort – Symantec VIP (Validation and ID Protection Service)
  • Better and more efficient review and access control for Office 365 and other cloud services – Symantec VIP Access Manager

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment


Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties

Related Articles

Getting Started with FinOps: Why Cloud Security is Your Step Zero | SoftwareONE Blog
  • 31 Mee 2021
  • Bala Sethunathan
  • FinOps, Managed Security, Managed Cloud, Cloud Spend Management, cloud-security
  • PyraCloud

Getting Started with FinOps: Why Cloud Security is Your Step Zero

Whether you’re looking to control costs arising from cloud workloads, fraud, or data breaches, cloud security is the important step zero before starting with FinOps. Learn more.


Creating the Software Infrastructure Nonprofits Need to Transform Lives

Transforming your software infrastructure can help your nonprofit do more good at a lower expense. However, there are some barriers to clear first.

Implementing Artificial Intelligence
  • 07 Abrëll 2021
  • Blog Editorial Team
  • Cybersecurity, Managed Cloud
  • Artificial Intelligence, Artificial Intelligence, Automation, Analytics

Beginning Your Journey to Implementing Artificial Intelligence

Artificial intelligence is much simpler than you may think. Discover the benefits and challenges of implementing AI within your organization.