When considering the move from an in-house Exchange solution to an outsourced Hosted Exchange environment, many IT leaders are understandably concerned about security. Some expert sources say Cloud security is fine, while others say there is cause for concern. Knowing who to believe requires a deep understanding of the issues around data security. Here is what you need to know about data security vulnerabilities, and how to protect your organization (statistics per a Wired.com study. Note that they do not add up to 100% because most breaches involve a combination of two or more.):
Hacking represents a whopping 81% of data breaches
Obviously, preventing and intercepting hack attacks must be any organization’s top security concern. In an on-site data center, it’s important to identify who is responsible for monitoring and assessing protections against hackers. Often, this duty is dispersed among IT personnel who are also burdened with other responsibilities and may not have time to maintain up-to-date knowledge and expertise on the latest hacking techniques and prevention. A reputable Cloud provider, on the other hand, employs highly trained security experts who monitor and update accounts 24/7/365. Always-on security monitoring ensures that in the event of a hacking attempt, it can be intercepted immediately, usually before the client organization even knows it began.
Malware attacks represent 69% of data breaches
Maintaining updated malware protection is time-consuming, costly, and often delayed in an on-site data center, despite its critical importance.Many on-site IT staff are overburdened with maintenance tasks, and malware protection updates can go unnoticed or be delayed. Reputable Cloud providers have specialized staff trained specifically in maintaining security protocol, and invest in the latest top-of-the-line malware protection, firewalls, hardware, etc. to ensure your email is private and secure.
Physical security is often the #1 weakness of an in-house data center
Physical attacks represent a significant 10% of data breaches. In many in-house data centers, doors may or may not be locked, access may be granted to repair people who are not knowledgeable about IT and may not even be employees, racks may be accessible to any employee at any time. Even a locked door represents only a minor obstacle to a malicious attack, such as from a disgruntled employee or subcontractor. All reputable Cloud data centers are located in highly secure facilities that require multi-factor authentication including physical media (keys, key fobs), biometrics (fingerprints, retina scans), and passcodes, and are monitored 24/7/365 by trained security guards and video surveillance.
Social attacks—those that rely on manipulation or deception to convince employees to share sensitive data—represent another 7% of data breaches.
Most social attacks take place via email—pretexting (pretending to be someone with a legitimate right to the information), solicitation and bribery (offering something in exchange for information), phishing (posing in email as a legitimate organization and directing the user to a fake site that then collects sensitive information such as usernames and passwords), and elicitation (extracting information through subtle conversational cues). Data Center providers use the latest software for detecting and intercepting social attack attempts using current algorithms. In most cases, attempts never even reach your user’s inboxes.
As you can see, it’s rare that an organization’s in-house data center can offer the high level of security that is standard at most Cloud data centers.