Though comfort levels are rising, security remains a boilerplate theme of media coverage around cloud computing.

September 8, 2016

4 Min Read
Why You Shouldnt Lose Sleep Over Cloud Security

By Charles Cooper 1

Even while comfort levels with cloud computing are rising, there is still a great deal of concern about cloud security. Sound familiar? It should–that was the boilerplate theme of media coverage around cloud computing security a couple of years ago, and it’s the same today.

Back then, the conversation trigger was yet another research report detailing the security risks that companies encountered as they migrated data to the cloud. While the cloud was portrayed as an essential technology tool helping businesses become more agile and innovative, the mandatory caution was that all this could all come asunder if done without due attention to basic security precautions.

Remarkably, it's a couple of years later and the storyline hasn’t changed. Hardly a week passes without more data testifying to the cloud’s increasing penetration and its status as the new normal in the enterprise. Yet the same basic security concerns remain.

Consider, for example, some of the conclusions in a recent study of cloud computing conducted by the Ponemon Institute:

  • Half of all cloud services and corporate data stored in cloud are not under the control of IT.

  • Just one-third of sensitive data stored in cloud-based applications is encrypted.

  • More than half of companies aren’t equipped to comply with privacy and security regulations governing the storage of data in cloud environments.

The findings speak to legitimate challenges that companies still face. However, balance that against the fact that 73 percent of the respondents in the survey also considered cloud-based services and platforms key to their organizations' current and future operations, while 81 percent said they will become even more important in the next two years.

When you step back from the day-to-day headlines, this is a good news harbinger. Cloud computing has proven a lot safer than many thought it would ever be, and companies have largely avoided the skeptics’ worst-case scenarios.

Enterprise perceptions of cloud security are also evolving. Since it began polling, security provider Bitglass found that more than half of enterprises it surveyed (52 percent) believe that cloud applications are as secure or more secure than premises-based applications. A year ago, just 40 percent said so.

To be sure, wider cloud adoption brings with it an increased security risk. That’s to be expected given the cloud’s higher profile. Unfortunately, hackers are invariably going to test whether cloud deployments are vulnerable because they know that’s where companies are storing valuable IP and customer data.

Companies need to take measures to contain the risk from unauthorized access or data leakage. More than ever, data privacy is going to be a top concern, especially given stringent regulatory requirements designed to protect customer information. Security executives will have to safeguard their clouds against growing threats from attacks by purveyors of malware, ransomware, APTs and others attempting to gain unauthorized access to corporate data.

But none of that is reason to lose sleep. In fact, the data privacy of companies and customers is theoretically more secure in the cloud than it is on premises. As always, though, dependable cloud security depends on choosing the right policies and controls.

It also requires the active intervention of board level executives–including an engaged CEO–to transform security into a strategic business goal. More companies are investing in cloud cybersecurity to pay for proper tools and training. Those without the internal resources will turn increasingly to managed cybersecurity services providers or other third-party consultants to pick up the slack if IT doesn’t have a handle on cloud security.

MSPs can also provide guidance help by promoting the use of stronger encryption, usage policies, policy management and other controls to ensure the security integrity of a company’s cloud deployment. At the same time, they should push the people in power to implement access rights and authentication of users and devices that request cloud service. This may not be popular with employees, but it’s for the company’s own good. Ditto for urging IT to crack down on so-called shadow IT usage within the enterprise–or, at least, to carry out audits to discover who is doing what. In the cloud era, too much is at stake to let yesterday’s sloppy routines carry into the future.

If they do, then that would be cause to lose sleep.

This content is underwritten by VMware — and is editorially independent. It is produced in accordance with conventional standards of business journalism.

Charles Cooper is an award-winning freelance author who writes about business and technology. During his 30-plus year career, he has worked as an executive editor at several leading tech publications including CNET, ZDNet, PC Week and Computer Shopper.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like