One of the more troubling aspects of cloud security is that as business users exert more control over cloud application selection, the less attention there seems being paid to fundamental IT security issues. The end result, finds a survey of 200 IT organizations in the U.S. and another 200 in the UK conducted by SailPoint, a provider of identity and access management software and services, is that while there are more mission-critical applications in the cloud than ever, the IT organization is playing catch-up in terms of securing those applications.
According to Jackie Gilbert, vice president and general manager of the SailPoint cloud business unit, the rise of cloud applications has definitely led to a weakening of access control policies as the involvement of IT shrinks. What’s not clear is whether this is a permanent state of affairs or something that organizations will more forcefully address as their understanding of the security implications of cloud applications continues to mature. In the meantime, however, it’s not all that uncommon to see business users sharing passwords to access cloud applications that are being paid for out of a “shadow IT” budget.
Despite the concerns over cloud security, a significant percentage of the IT organizations are already storing high-risk data in the cloud. Whether that’s done with any deliberation is anybody’s guess, but more than likely it’s a function of end users choosing to store data in what they perceive to be the most convenient place.
Naturally, the debate continues over just how secure these cloud applications are. While we’ve yet to witness a major breach, some feel it’s only a matter of time before one or more clouds winds up being systematically compromised. Others argue that cloud application providers are inherently more secure than internal IT organizations that often lack the resources needed to effectively secure that data.
Regardless of how anybody feels about those issues, the debate itself may be moot. Clearly, sensitive data is finding its way into the cloud, which means the real issue at this point is making sure data is secure wherever it happens to be stored at any given moment.