For most companies, certain applications are hosted on the public cloud. Common examples are Office 365, Google services, and pretty much any software that has a web login portal. There is also the private cloud, which compared to public has a significantly smaller and more manageable risk surface.
Because the cloud operates on the back of the internet, it is a prime target for cyber criminals. If part of your workflow does exist on the cloud, chances are there is valuable information being transmitted and hosted on your cloud provider’s servers.
The main risk associated with the public cloud is how big of a target it is. Take Office 365 for example. Many businesses have a significant portion of their workload running through Microsoft’s servers. That makes Microsoft’s cloud infrastructure a huge target with a lot of valuable information. And that’s the sweet spot for cyber threats.
We discussed earlier the proliferation of personal connected devices. Because of that proliferation, businesses began leveraging their employee’s personal devices to save some money while creating a more mobile, connected workflow.
This is traditionally called a bring your own device policy, or BYOD.
54% of SMBs have a formalized BYOD policy. While this policy is a great boon for the remote worker as well as the business, it introduces a whole slew of additional, often unsecured, risks.