The (Potential) Upside of Cloud Insecurity
September 10, 2012 Leave a comment
- Half of all organizations surveyed in Trend Micro’s 2012 study said “apprehension over security” is a major inhibitor in their adoption of cloud technologies.
- This reticence may actually prove to be a good thing as enterprises examine their own security strategies, and press their providers to offer up proof points around protecting data privacy and integrity in the cloud.
As is the case with the deployment of any transformational technology or IT delivery model, the enterprise migration to the cloud is pushing IT organizations to reexamine their own security postures and policies, and question the practices their providers employ to protect their data. Even as more organizations move workloads into the cloud, many are still reticent about making the leap of faith into an on-demand environment, and perhaps for good reason. A recently released survey of IT professionals sponsored by security vendor Trend Micro found that 41 percent of companies in the U.S. that had deployed workloads in the cloud experienced some kind of lapse or security breach.
Beyond the scope of this particular study, organizations as a whole express concerns about the security of on-demand environments that go beyond their own experience, citing everything from lack of cloud security standards and compliance concerns to insufficient transparency about data location and specific security measures supplied by their cloud providers. These concerns are significant enough to keep many on the sidelines of the cloud for the time being, with half of those surveyed for the Trend Micro study saying a shared infrastructure of any kind is “too risky” for them to use to support their IT needs.
Yet there is a definite silver lining to all this cloud insecurity if it prompts organizations to take a closer look at their security strategies and perform a thorough gap analysis that they can use to address any shortcomings. This uncertainty should also prompt enterprises to push their providers for a complete accounting of what they think constitutes effective cloud security. Providers should also be able to supply their clients with the support they need to comply with government regulations, industry mandates, and their own corporate governance. Unfortunately, as we’ve seen with other major IT transitions in the past, the rush to implement a model as appealing as cloud may supersede the requirement to proceed into the cloud with caution.