Cybersecurity

AWS: Security Not a Priority For a Third of SMBs

Cybersecurity is not a strategic priority for 35% of SMBs considering cloud migration, Amazon Web Services (AWS) has revealed.

The cloud infrastructure giant surveyed more than 800 C-suite execs, VPs and directors from global SMBs to better understand their attitudes to cloud security and uncovered three misconceptions.

These were:

  • Security is an added cost rather than a growth enabler. This was borne out by the fact that 41% of respondents haven’t delivered any security training, and just 43% said they plan to do so in the next 12 months
  • Data in the cloud isn’t as secure as it is on-premises. Half (50%) of respondents expressed concerns about this
  • Organizations need a large IT team and significant resources to maintain a strong security posture in the cloud. Two-fifths (40%) of respondents claimed that a lack of skilled staff is a major barrier to investing in security

Read more on cloud security: IT Pros Name Misconfiguration #1 Cloud Security Threat

AWS attempted to assuage these concerns, claiming that stronger security can actually drive revenue, growth and customer trust by mitigating business risk and potential downtime.

Even those with a limited budget and small IT teams can find strong, automated solutions to maintain continuous security and compliance in the cloud, it added. AWS claimed that managing security on-premises is more complex, time-consuming, manual and siloed than doing so in the cloud.

However, there remain legitimate security considerations for those looking to migrate data and workloads to the cloud.

The shared responsibility model is still often misunderstood, leaving some firms exposed. It posits that while the cloud provider takes care of securing the infrastructure itself, customers are responsible for protecting their most sensitive data and other elements.

Additionally, complexity can soon build in hybrid cloud environments, especially when organizations are investing in platforms from multiple cloud providers. Misconfiguration of systems is a top threat, exacerbated by skills shortages.