Mixed signals about the cloud and security abound. A private cloud is more secure than a public cloud, for instance, but most experts would advise against storing critical data in any type of cloud format. And like anything to do with data security, the cloud will always bring risk—particularly when you have to trust a third party (the cloud host) to protect your data.
Many of us use cloud services like Dropbox or Google Docs because they make basic file sharing simple and they are free. But when I use these services, I also recognize that security is spotty. However, I also don’t have to worry about a company network, just my own. Many companies have policies in place to protect their networks from security issues that can crop up with use of these free, consumer-driven cloud services. According to a new survey from SafeNet Labs, however, too many people, including top executives, aren’t following their company’s cloud policies.
Worse is that while employees, including the C-level executives, understand the risk in using cloud services, too many simply don’t care. In fact, executives may be the worst offenders. Some of the key points of the Cloud App Usage vs Data Privacy Survey include:
- 64 percent say they store personal or professional data in cloud applications.
- 53 percent acknowledged that this could be a security risk, but more than half said they don’t worry about it.
- Only 28 percent have a corporate policy regarding usage of file-sharing applications like Dropbox, while another 33 percent don’t even know whether a policy exists.
- 33 percent of executives use Dropbox, versus just 18 percent of associates.
Tsion Gonen, chief strategy officer for SafeNet, stated in a release:
It’s clear that top-level executives understand the advantages of cloud app usage, and should enable their companies to leverage these advantages by adopting contemporary security tools and practices.
I find it troubling that executives want to use cloud services but shrug off the risk. If the leaders of a company aren’t willing to put more effort into good security practices, why should lower-level employees? What will it take to ensure that everyone in a company takes security seriously?