Infrastructure, Security, Security and Compliance
The SMB Cybersecurity Cloud Conundrum
The U.S. business world was sharply reordered back in early 2020 when the initial appearance of Covid sent workers away from corporate buildings and into the vast landscape of the distributed workforce, aka the remote workforce.
From an SMB cybersecurity standpoint, there were multiple immediate impacts, some direct and some far more nuanced.
The most direct impact was that companies suddenly had a massive number of new remote offices. But these weren’t–from a cybersecurity perspective–like the remote sites they knew well, such as the Chicago office with 15 people in it or the long-existing San Francisco office with 20 developers. No, these new remote sites didn’t share much in common with each other. They would be leveraging different carriers, using different routers. The laptops and phones might be different in each location and let’s not even get started on the different levels of patching happening.
These new remote sites often gave access–often unauthorized access, but access nonetheless–to children and other security risks. These systems may back up to consumer-grade backup firms, putting both security and compliance at risk.
That was the first change that pushed companies into using far more cloud environments. A move to the cloud would theoretically bring back consistency, which is necessary to have meaningful security and compliance.
The second factor that increased cloud usage was indirect. When almost all of those businesses–SMBs and enterprises alike–had to empty their hallways for the initial phase of the epidemic, that left no one to manage the company’s on-prem systems, referring to servers and related equipment housed in those now-vacant headquarters buildings.
By early 2020, businesses have been consistently and rapidly increasing the percentage of their data that they housed in the cloud. But between remote sites and the emergency abandonment of many on-prem operations, those companies sharply accelerated their gradual plans to move more and more data into the cloud. Put another way, companies were already heading in that cloud direction for various reasons (cost savings, scalability, cybersecurity, easier compliance, legal rules about where data can be stored globally, etc.), but the pandemic pushed that cloud movement into hyperdrive.
This massive cloud movement introduced a lot of SMBs to the reality of large-scale cloud deployment. On the plus side, there were improvements in scalability and cybersecurity. Clearly, there are good and bad cloud providers in much the same way that there are SMBs with excellent cybersecurity and some with much weaker cybersecurity. That all said, it’s true that the vast majority of SMBs experienced a very substantial boost in security and scalability with their cloud move.
That fact also leads us to the biggest cloud challenge. Although it is true that cloud platforms typically focus extensively on cloud security, the nature of a big cloud host means that its decisions are generic. Its configurations, for example, are perfectly fine for most companies doing typical data projects, but the trick of cybersecurity is fine-tuning an environment for one specific business: yours.
It needs to factor in your company’s size, your vertical/verticals, your current profile, your imminent expansion plans, your compliance position, and critically, your threat landscape (meaning who is trying to attack you and what techniques are they using).
That onus typically falls into the to-do lists of the business’s IT or security staff, assuming that the SMB has either/both of those. But rarely do those teams have the time and resources to do that customization. It gets worse. Many cloud environments will change their own configurations–and yours, right along with it–every day and the cloud staff will never tell their customers/cloud tenants that they made the changes and certainly not what those changes were.
Where does this leave SMB executives? The move to the cloud is the right choice. Beyond cybersecurity strengths, compliance, scalability, and uptime robustness, the typical cloud can deliver far superior ROI. This is simply a factor of the cloud’s scale. Not only can their systems handle your vast amount of data for fewer dollars than an SMB can, but they can absorb the cost of a 24×7 team of highly trained personnel watching your systems around the clock. If your business gets hit with a D-DOS (distributed denial of service) or ransomware attack at 2 AM on a Saturday, you’ll be glad that you can reach your cloud team and know that they are fighting on your behalf.
It’s not the move to the cloud that is in question. The question is which cloud platform makes the most sense for your business. Here are some things to consider:
- Does this cloud platform take the time to understand my business, my plans, and my threat landscape?
- Does this cloud platform have the ability to use that information to adjust its configurations and options to maximize security and efficiency for my business?
- Does the cloud platform keep in touch with you, asking continual questions about your business so that they can configure settings to handle your current needs–as opposed to what your needs were five months ago?
- Is the cloud platform focused on businesses like yours or are most of their cloud tenants $50 billion enterprises?
- When you need help, how responsive are they?
- Test their customer service/technical support team before signing a contract. How quickly do they answer? How easily do you find them to talk with? Do they take the time to understand your immediate need or do they seem to be reading from a script?
Here at Intermedia, we are happy to report that our teams are trained to handle businesses just like yours. Simply put, it is our job to focus on your IT so you can focus on your business. Put our cloud to the test.