Cloud Security: The Big, Bad Cloud?

PostedOn: 2016-07-25 11:22:12

What are the key concerns about the safety of the cloud? 

Although a greater part of companies trust the cloud enough to use it in some capacity, there are still feelings of distrust with the cloud when it comes to security. In 2012, CIO.com took a survey of IT professionals and found that 46% of them said that they moderately use the cloud, but 54% of them said that security is a high priority for the cloud. Perceptions of cloud security have improved since 2012, but companies are still concerned about the risk of security breaches or getting hacked, both of which could cooperation receptive information. Another concern is that the cloud is unreliable and does not allow users the necessary control over their data. In this article we will discuss what these concerns are and how they can be solved.

Unauthorized access

Unauthorized access to sensitive information is one of the biggest concerns businesses have with cloud computing. According to a survey done by SANS institute, 40% of respondents felt especially concerned with public clouds that have multiple tenants that, with a glitch in the system, could see sensitive data. To protect every user’s data from unwanted viewers the cloud utilizes encryption, a 24-hour cloud security team that looks for fraudulent logins and unusual behavior, and continues to re-authenticate each user's credentials. In the public cloud, other tenants should not be able to get into your company's data. Even if  they could, for whatever reason, your data would be protected by it's SSL encryption and also by a professional cloud security team that's able to identify outside IP addresses and act accordingly.  

Shadow IT

Another concern is the possibility of shadow IT taking information. This may be surprising because we use shadow IT every day, shadow IT is any technology that is not regulated by the company’s IT department such as smart phones and  Google Docs. The security concern for businesses is if they aren't using their own IT team for their cloud security, then their normal IT perimeters aren’t applied to their business solution software. This leaves the door open to end users potentially withholding or sharing information with outsiders. To combat these problems, it’s important that the IT department create policies for monitoring the use of the software and if you don't use your own team use a host that has user policies that your company is comfortable with.  

Lack of control and visibility

A lot of companies don’t like the fact that they have to not only entrust, but depend on their cloud service providers to securely store their data. On top of that they feel that they don’t get enough visibility into how they operate. This really boils down to picking an experienced, well-trusted cloud service provider that doesn’t make your company feel out of the loop but rather that they are working together in partnership.  

Doesn’t support penetration testing

When SANS gave out their cloud security survey they asked participants if they experienced any security breaches only 9% had experienced an actual breach. However, 25% weren’t sure because they aren’t allowed to properly regulate and conduct penetration tests to make sure there aren’t any breaches. In all fairness, the problem isn’t necessarily that they go unnoticed like the cloud is a lawless land. Their cloud service providers or 3rd party hosts should be taking care of those potential breaches; they just don’t know it, which is the problem.

Maintaining compliance

What comes along with not knowing how they operate and control your data is that it can be more difficult to make sure you’re in compliance with industry standards. In the SANS survey 72% of all respondents felt that compliance with industry standard was a concern when using cloud services.

Part of the problem people noticed when moving to the cloud is that some IT professionals weren’t prepared to defend against cloud security threats. Of course, this is a human error of the early “cloud pioneer” days that has since been acknowledged and rectified, but it still has had an effect on the way businesses view cloud computing. If you’re thinking of moving to the cloud it is imperative that proper cloud security training is given to your IT department or your company must go to a trusted 3rd party cloud security host.

In the same way the cloud gives companies a lot of options on how they access their data, it also gives users various ways to protect their investment. This gives buyers the confidence to know that the cloud isn’t so big and bad after all.