Perceptions and Realities of Cloud Security
A new survey suggests that access policies could use a little work.
Have you given much thought to security in your company's cloud? If you haven't, you certainly aren't alone. A new survey conducted by Information Security Breaches Survey (ISBS) from Pricewaterhouse Coopers (PwC) found that 56 percent of small businesses don't bother to check on the security provisions of external hosting services, and only 38 percent of large corporations make sure that the data in the cloud is encrypted.
As Chris Potter, PwC information security partner, pointed out in a CloudPro article, companies of all sizes need to stop taking a laissez-faire attitude toward protecting data stored in the cloud. He claims that small companies tend to think that their cloud hosts are taking care of security on their end, which isn't necessarily the case. Why large companies don't look closer at cloud security, I do not know. Perhaps they are caught up by the same mindset as SMBs, thinking that someone else is worrying about it so they don't have to.
There have been plenty of reports and studies over the past year or two stating that a prime reason companies shy away from the cloud is security concerns. I can see why they are concerned - it doesn't seem like many companies are actually doing much to secure that data. Security in the cloud has to take higher precedence. It is only a matter of time until hackers begin targeting data stored on external sites seriously. We're now seeing malware engineered specifically to attack data in the cloud, with the new Zeus configuration.
According to the report, more employees use their own mobile devices to access corporate IT systems, yet few companies have implemented policies and controls to protect the data stored on employee-owned devices. And, while organizations see the benefits of social networking sites, few monitor how the sites are used by their staff.
Very few, in fact. While 61 percent of SMBs and 75 percent of large companies have approved the use of personal mobile devices on the business network, only 39 percent of large businesses and 24 percent of SMBs require or apply data encryption on those devices. Again, it seems like those who make security decisions are expecting others to take care of things.
My takeaway from this survey? The way companies of all size are evolving is in the way they use technology to conduct business, but there is no big push to make sure that security follows along with those changes. In today's world, security and technology have to go hand-in-hand, and someone has to be the final decision maker when it comes to security efforts.