Cloud services have to be thoroughly robust with their protection measures as they have thousands of doors to cover, whereas the attacker only needs to be successful with one door.
It's precisely why we recommend that all cloud services are fully backed up in a way that is segregated from the main vendor's production system. That includes things like 365, which really only has rudimentary backups/version control, but it applies to most cloud services unless they clearly specify that they go above and beyond, and cover a period that you are comfortable with.
Much of this has to fall on the people taking the cloud services though. The rush to the cloud seems to stop proper due diligence. Promises of cheaper solutions are so enthralling that I think people often forget to check the T&Cs.
What I've generally found is that when you apply all of the additional controls and measures to ensure you and your data is protected to a comfortable level, the "its cheaper" argument is usually lost, or at best it becomes break even.
The key to taking on any cloud service is not to see it as a cheaper way of doing business - and instead to ensure you measure the benefits properly. If its still beneficial to move, then do so. If not, reassess and return to market.
My answers
Cloud services have to be thoroughly robust with their protection measures as they have thousands of doors to cover, whereas the attacker only needs to be successful with one door.
It's precisely why we recommend that all cloud services are fully backed up in a way that is segregated from the main vendor's production system. That includes things like 365, which really only has rudimentary backups/version control, but it applies to most cloud services unless they clearly specify that they go above and beyond, and cover a period that you are comfortable with.
Much of this has to fall on the people taking the cloud services though. The rush to the cloud seems to stop proper due diligence. Promises of cheaper solutions are so enthralling that I think people often forget to check the T&Cs.
What I've generally found is that when you apply all of the additional controls and measures to ensure you and your data is protected to a comfortable level, the "its cheaper" argument is usually lost, or at best it becomes break even.
The key to taking on any cloud service is not to see it as a cheaper way of doing business - and instead to ensure you measure the benefits properly. If its still beneficial to move, then do so. If not, reassess and return to market.