Clients frequently ask our team about security in the cloud and how their data is protected. We spend a ton of time with them walking them through the features of security that Microsoft has built. Generally, the discussion boils down to two topics:
Even though the cloud isn’t perfect for security, it is exponentially better than what is currently protecting the same data at the client’s site. Frequently, the customers who question the security of the clouds are the same ones who believe that a firewall and antivirus is strong security. In my opinion, it is the bare minimum. Taking these clients to the cloud provides a level of security that they have never seen and likely could never make the investment for.
Security by obscurity – many smaller clients believe that they have a level of security provided by the fact that they shouldn’t be a target. “No one knows who we are.” “No one knows our network is here.” These arguments tend to fall apart with the use of automated tools that aren’t targeted. They are just pointed at people’s internet addresses and sent to try and open as many doors as possible. These automated bots do not discriminate like a human would – they will go after any and all data. Our general advice is to remove the Exchange server which is one of the chattiest services on the network – it will talk to anyone. And if a client really wants security by obscurity, Microsoft’s Office 365 service is so large that their mailboxes are sure to be lost in the mix. If they find that comforting.