Worlds Apart on Cloud Security
IT and compliance executives are not on the same page when it comes to cloud security.
You might intuitively conclude that most compliance officers would be more skeptical of cloud computing than IT professionals. But a new study of 18,750 individuals in the IT and IT security fields and another 11,569 individuals in various organizational compliance functions conducted by The Ponemon Institute on behalf of Vormetric, a provider of encryption and database security tools, shows that it's the IT professional who has more doubts about cloud security.
According to Todd Thiemann, senior director of product marketing for Vormetric, the study highlights the dichotomy that exists between two key constituencies that have a vested interest in cloud security. Some folks argue that cloud computing is inherently more secure than on-premise computing because the data that needs to be secured is centrally managed by IT security professionals. Others argue that it's the centralization of all that data that makes cloud computing providers a tempting target. And given the fact that there is no "silver bullet" security defense when it comes to IT, it's only a matter of time before major security breaches occur.
Thiemann says that no matter what side of the argument you're on, it is clear companies need to invest more in securing their data, not just network perimeters. The good news is that encryption software is getting easier to manage, and the tools needed to secure the data more pervasive. The real challenge is that too many organizations essentially limit their cloud security investments to firewalls and anti-virus software. Once hackers get past those defenses, most of the data in the organization is wide open for the taking unless it's encrypted.
Obviously, government regulators are getting more demanding about security in general, which means any data stored in the public cloud is probably going to come under a more strenuous review. Given the fact that the fines being levied for data breaches are getting stiffer, while at the same time consumers are becoming more conscious of how these issues are directly affecting them, it's only a matter of time before the cost of not encrypting data starts to exceed the cost of encrypting the data in the first place.