My head has been in the clouds a lot lately. Almost daily I’m reading or writing about cloud technology and with that comes the never-ending discussion of cloud security. There are days when I think that there are an awful lot of people — and some in IT — who see the cloud as a mystical place with different security rules and concerns than elsewhere in the network. And maybe they are right to some extent. The cloud is going to have slightly different security needs, but that cloud security is still approached or discussed as if it were unattainable or more difficult to manage is what’s mystical to me.
I bring this up today because Trend Micro just released the results of its survey, “Cloud Security Survey Global Executive Summary.” The online survey covered seven countries and 1,400 participants (200 per country) who are with companies of over 500 employees. Essentially the results found that companies are struggling with cloud security. According to the report:
Globally, 47% of the respondents who are currently using a cloud computing service reported they have experienced a data security lapse or issue with the cloud service their company is using within the last 12 months. Incidence of data security lapse or issue increased from 43% in 2011 to 46% (excluding Brazil, which was not surveyed in 2011) in 2012. India had the biggest increase of 12%, followed by Japan (7% increase) and Canada (6% increase).
The survey also pointed out that over half of the respondents said that security is a key reason for why they are balking on cloud security, and the same number (53 percent) said they’d be happy to try the cloud if cloud providers took a more hands-on approach to security.
Is that what scares folks about the cloud? Is it because there are multiple organizations involved in the storage and access of data? Perhaps the real problem with cloud security is the communication breakdown between the different entities involved in cloud storage and access. Everybody has to be on the same page, and that only comes about with solid communication practices.
In fact, better communication makes up the first two tips from Cameron Camp at ESET, who wrote a fabulous post that outlines tips for better cloud safety. Those tips are:
- Know your cloud provider.
- Define your business need.
He included five other tips, which I highly recommend you read and print out to keep as a reminder for how to approach not only cloud security, but all network security.
The cloud isn’t a scary, mythical place if you approach it with an open mind and a good security plan.