Misconceptions persist about cloud computing, despite it being mainstream for more than a decade. Only 29% of survey respondents back up their SaaS application data, according to Kaseya’s State of IT Operations Report for SMBs, published Thursday. While the total number of respondents was not disclosed, half of the respondents in Kaseya’s survey are IT managers or system administrators at companies with fewer than 5,000 employees.
Nine out of 10 respondents said they back up their servers, underlying a disparity in disaster recovery planning between on-premises equipment and cloud systems. Thirty-one percent of respondents have a formal business continuity / disaster recovery plan approved by management, the report notes, with 34% indicating the ability to recover at a seperate site automatically. One third of respondents have adopted cloud backup services.
The prospect of cloud backup being the top choice of businesses may be hampered by regulatory concerns, particularly as specific industries face a higher level of regulation in addition to broadly applicable regulatory frameworks, such as GDPR. Patient-facing healthcare operations, for example, must contend with HIPAA when storing data in the cloud. Likewise, PCI and Sarbanes-Oxley (SOX) retention requirements can be a factor when adopting cloud services.
Thirty-one percent of respondents have taken measures to ensure HIPAA compliance, according to the report, with 26% doing the same for PCI, 16% for GDPR, and 11% for FERPA.
A significant relationship between outages and data breaches
Nearly 61% of respondents indicating a security breach over the past year experienced two to four outages, which Kaseya reports is a 15% increase compared to 2018. “This correlation is likely attributable to the IT Operational Maturity Level of the organization,” the report states. “Lower maturity equates to more data breaches and outages.”
Timely application of software patches is vital to decreasing potential risk of security breaches, though only 65% of respondents apply critical OS patches within 30 days of release, and only 42% using or planning to use automated software patching. A significant drop-off for third-party application patches was found in the survey, with only 42% of respondents applying critical security patches within 30 days.
Data breaches are marginally lower year over year, with 32% of respondents experiencing a breach in the past five years, while 35% reported the same in 2018. Ten percentof respondents had at least one breach in the past year, with 12% of respondents experiencing a ransomware attack in the last year. “Ransomware attacks are increasingly targeting enterprises rather than consumers,” the report states. “Consequently, ransomware is still a considerable threat to midsize businesses.”
Increased ransomware attacks against government offices have been observed in 2019, with more than 70 municipalities falling victim to ransomware attacks so far this year, and multiple six-figure payouts by local governments to recover their data, despite the prostestations of residents who do not want their tax dollars going to criminals.