Perceptions and Realities of Cloud Security
A new survey suggests that access policies could use a little work.
When I talk to IT people about using the cloud, the reaction I get is usually mixed. Some swear by the cloud, but others are leery, saying that they think the cloud is insecure. (Personally, I'm on the fence. I use the cloud, but I don't put anything sensitive there.)
Over the holiday weekend, I saw some interesting cloud-related information coming from the United Kingdom. I haven't investigated enough yet to see if the UK results would parallel any findings in the U.S., but I'll keep searching.
Cisco did a study of 250 UK IT decision-makers across a number of industry platforms, and found that at least one in four IT decision-makers believe the cloud offers a higher level of security than in-house or outsourced IT functions. Yet, only 7 percent of these organizations believe the cloud is critical to their business model. Why such a low number, when a quarter of IT thinks the cloud is secure? From ComputerWorld UK:
Ian Foddering, CTO and technical director at Cisco UK and Ireland, believes that the slow rate of adoption is due to the lack of awareness and education. "People won't even realise they're consuming cloud-based services [even when they use software like Salesforce.com or Cisco WebEx]," he said.
An article at Cloud Pro added that companies aren't moving to the cloud quickly because they believe it is more important to get the IT strategy correct. And don't forget, although a quarter of IT decision-makers think the cloud is secure, the vast majority do not. They do worry about privacy matters and other security issues, and a little more than half think that cloud security should be a shared effort.
That shared effort - or whom controls security in the cloud - is at the heart of cloud security matters, in my opinion. From conversations I've had with CSOs, it still sounds like businesses are still trying to find the right balance of whom should be in charge of security and how security should be monitored.
Cisco's study did find that, no matter what the concerns are involving cloud security, we are going to keep moving in that direction and organizations are going to continue looking for ways to improve security and provide better governance.