Secure in the cloud

Whether it’s hackers, malware or natural disasters: data is threatened from many sides. Data backup and recovery strategies that rely exclusively on local solutions are insufficient – and risk sealing the fate of companies once and for all if data is lost. Data storage in the cloud boosts security – if used correctly.

Cybercrime has been making headlines for years. The cybercriminals attack public institutions and authorities or paralyze entire companies. Sometimes the IT systems are down for days or internal communication is disrupted, while in other cases business secrets disappear from the databases and personal data is stolen. Even a single e-mail that looks very authentic and appears to come from a genuine, existing business contact can end up crippling a company’s IT. The IT industry association Bitkom estimates cybercrime damage to the German economy at more than 220 billion euros per year. 90 percent of all German companies surveyed reported having been attacked within a two-year period.

The exact figures are hard to come by, however, as many cases go unreported; many companies prefer to pay a ransom if ransomware is involved in order to get the hackers to release their systems again. The damage to the company’s image would be too great if the public were to learn that customer data is not safe with them.

The IT industry association Bitkom estimates cybercrime damage to the German economy to be more than 220 billion euros per year. 

Downtime in production and administration resulting from cyber sabotage and malware is not the only example of cybercrime damage. High levels of damage are often indirectly inflicted by industrial espionage and the resulting loss of competitive advantages. This constitutes a major risk for specialized companies that invest a lot in development.

Many small and medium-sized enterprises prefer to operate central systems under their own responsibility and control in an attempt to keep data, files and systems essential to business operations in-house and protected against external influences and threats. Although company secrets and critical systems remain on their own hardware – possibly on their own premises – the numerous successful attacks on companies show that the expected security does not exist.

To safeguard against risks, companies are investing more in protecting their IT infrastructure. They are sensitizing their employees to the dangers of cyberattacks and improving the security of their software, for example through regular updates. Above all, however, ever more companies are outsourcing the operation and maintenance of their systems to specialized service providers. For example, they are increasingly storing their data and applications in the cloud rather than on in-house servers. Just as a company’s cash assets are safer in the bank than in a basement vault, data is also better off in the hands of service providers that specialize in infrastructure.

Small and medium-sized enterprises in particular are hardly in a position to handle the personnel and financial outlay required for on-site IT infrastructure and data storage that is comprehensively protected against professional attackers. The cloud is usually more cost-effective and avoids the risks that could result from infrastructure that is not ideally maintained. A professional cloud provider employs its own experts and has its own defense mechanisms that are capable of warding off DDoS attacks, for example. The system landscape is nevertheless the biggest security issue: it is essential to ensure that the applications and data are available, resilient and secure at all times.

According to management consultants KPMG, cloud computing is now an integral part of the IT infrastructure for about three quarters of all German companies with more than 20 employees. But is data stored in the cloud really immune to all dangers? After all, applications in the cloud could also become the target of attacks from the Internet. One countermeasure is redundancy, i.e. the provision of additional resources as a reserve in case the primary instance fails.

However, a data copy – the backup – alone is not enough. It must also be stored at different locations, often referred to as “geo-redundancy”. If all the data centers are located on the same site, backups could also be lost in the event of a disaster, for example.

On the one hand these duplicates help restore data in case of emergency (disaster recovery) and on the other, depending on the use case, these are local copies of applications and databases that can be made available to branch offices or international customers and data.

The type of data center alone does not determine the level of security. The applications, secure access control, and other security measures such as encryption ultimately ensure the security of systems and data. Audit-proof archiving is used to ensure that data that has been damaged or accidentally deleted does not subsequently disappear from the backups and duplicates as well. Experts also recommend that another backup copy be automatically made from the backup at a third location if primary data is lost.

“One cloud is not enough,” is how cloud computing expert Peter Heidkamp from KPMG puts it. According to the “Cloud Monitor” survey conducted by the consultancy and Bitkom, ever more customers are recognizing this. Apparently the trend toward “multiple clouds” is unstoppable: 32 percent of companies with 20 or more employees already use multi-cloud computing. The figure is even 87 percent for large companies with more than 2000 employees. About half of the companies say they have taken this step to prevent cloud failures. A good third has apparently done so to better allocate their cloud resources at full capacity.

“Cloud computing has become a key digitalization technology and thus an almost existential necessity,” says Heidkamp, Partner and Head of Technology at KPMG. That makes investing in the necessary protection a good idea.

“Cloud computing has become a key digitalization technology and thus an almost existential necessity.”