Because “It’s in the cloud” isn’t the same as “It’s safe.”
Once upon a time, your company’s data lived in a server room — probably next to the kettle, and hopefully with a fan pointed at it. Today, it’s more likely to be floating around in the “cloud.” Sounds lovely, doesn’t it?
But here’s the truth: the cloud is not a magical skybox that automatically protects your business. It’s just someone else’s computer — and you’re still responsible for what happens to your data there.
So let’s clear the fog on cloud security and give you the tools to ask smart questions (without needing to understand how AWS, Azure, or Google Cloud actually work).
What is “The Cloud” anyway?
At its simplest, the cloud just means you’re storing data or running software on the internet instead of on your local computers or servers.
If your business uses Google Workspace, Microsoft 365, Dropbox, Salesforce, or even Zoom — you’re already in the cloud.
Cloud services are flexible, affordable, and allow teams to work from anywhere. But that convenience brings shared responsibility — and that’s where many companies get it wrong.
Who’s Responsible for What? (Spoiler: You Are)
One of the biggest myths in cloud computing is: “It’s their problem, not ours.” But cloud providers usually operate on a shared responsibility model. In plain English:
- They protect the infrastructure: physical security, power, cooling, etc.
- You protect your data: access controls, passwords, user permissions, backups.
In other words, if someone hacks your admin password or an employee shares sensitive info by accident, the cloud provider won’t fix it. That’s on you.
The top cloud security risks (and what to do about them)
Let’s look at the most common ways businesses run into trouble in the cloud — and how to avoid them:
- Misconfigured Settings
Ask: “Who controls our cloud settings — and are they regularly reviewed?”
Many cloud breaches happen because someone left the door open — like a file share marked “public” that shouldn’t be.
Fix: Only let trained people change settings. Review sharing permissions regularly.
- Weak Access Controls
Ask: “Do all users have only the access they need — and nothing more?”
Not everyone needs admin rights. And former employees shouldn’t still have access to your systems.
Fix: Use the principle of least privilege — people only get what they need to do their job. Remove access quickly when people leave.
- Lack of Multi-Factor Authentication (MFA)
Ask: “Are all cloud accounts — especially admin ones — protected with MFA?”
Without MFA, a stolen password can give someone the keys to your kingdom.
Fix: Make MFA non-negotiable for all cloud systems.
- No audit or activity logs
Ask: “Can we track who accessed what — and when?”
If something goes wrong, you’ll want to know who did it, how, and when.
Fix: Turn on audit logs and alerts in your cloud tools. Make someone responsible for checking them.
- Assuming backups are handled
Ask: “Are we backing up our cloud data ourselves — or just assuming it’s safe?”
Many cloud services offer limited backup. Accidentally deleting a file? You may only have 30 days (or less!) to get it back.
Fix: Use dedicated backup solutions for your cloud data — especially for email, documents, and CRM records.
Red flags for leaders to watch
- “Everyone uses the same login.”
- “We’ve never checked who has access.”
- “We just trust the provider to handle everything.”
- “We don’t know where our data is stored.”
These are warning signs that cloud convenience may have quietly replaced good security hygiene.
Your role as a leader
You don’t need to know how to configure a firewall rule in AWS. But you do need to:
- Fund and prioritise cloud security.
- Ask questions regularly — not just after something goes wrong.
- Support your IT team when they say, “We need to tighten this up.”
Because in the cloud, the biggest risk isn’t the technology — it’s the assumption that someone else is taking care of it.
In short…
The cloud is great — for flexibility, scalability, collaboration. But it’s not autopilot. It still needs a pilot, a map, and regular checks.
So the next time someone says, “It’s in the cloud,” smile and ask, “That’s great — and what are we doing to keep it secure?”
Because a cloudy day is fine. A storm caused by poor security? Not so much.
We are pleased to offer WYSE Travel Confederation members these options to increase your cybersecurity and protect your organisation’s data.