Companies, particularly small and medium-sized businesses, are embracing cloud computing. Security has long been the major hurdle to cloud adoption for many users, but is that changing?
According to an infograph on cloud computing trends that I saw on PC World, it looks like SMBs have a new attitude about cloud security. The article accompanying the infograph stated:
But as studies have increasingly concluded that the cloud is as secure as on-premise infrastructure, we’re beginning to see this sentiment shift. One recent study found that 94 percent of SMB cloud adopters report that they have experienced security benefits since moving to the cloud.
On the other hand, ZDNet discusses a recent BT study that challenges this claim about cloud security. While the study agrees that executives are widely adopting cloud computing for enterprise:
… more than three-quarters of IT decision makers are "extremely anxious" about security using cloud-based services.
An AlgoSec survey also found that business leaders and IT departments are skeptical about security in a hybrid cloud format, but at the same time are turning to the hybrid cloud for storing data and deploying applications. As SC Magazine pointed out:
Elasticity, cost savings, and business agility, are some of the reasons why organizations may choose to adopt a hybrid cloud environment, but problems arise for traditional enterprises that do not know how to manage network security in the cloud and have no solutions that provide visibility and manageability with regard to security policies.
So who do you believe? Is the cloud secure or not?
It all comes down to management. Cloud security has to be addressed just as any other security management system. It means understanding what data get stored in the cloud and what data stay on the internal network. It means understanding the different risks and benefits of cloud formats. It’s choosing a cloud vendor with care, ensuring that the vendor practices good security management (according to the BT study, nearly half of the respondents expressed concern over how seriously cloud vendors take security). It also means choosing the right tools to enhance security in the cloud, but as an eWeek article stated, citing the AlgoSec survey:
Worryingly, a third of companies that are planning to deploy business applications in the cloud within the next 12 to 24 months do not know which tools they will use to manage their network security policies in the cloud.
Companies can’t just jump into the cloud without a game plan, especially not a security game plan. That is setting you up for a disaster.
The one common thread through these various surveys and studies is that business leaders want to adopt cloud computing, and they are going to move forward on those plans, whether or not good security plans are in place. But they also show that, while security might be improving, it is still lagging behind other security practices.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba