Concern over security is often the top reason IT departments cite when asked why they have yet to incorporate cloud computing into their organization’s resource portfolios. Security remains a sticking point, despite the cloud industry’s great strides lately to address these concerns, such as developing compliance monitoring software for cloud vendors.
This security anxiety is on full display in the findings of the European edition of Vormetric Data Security’s “2014 Insider Threat Report.”
The data security provider’s recent survey, which focused on 540 senior IT professionals and business managers across France, Germany, and the United Kingdom, revealed that respondents’ the top three concerns around cloud computing were:
- lack of visibility into service provider security measures (59 percent)
- potential for unauthorized third-party access to data (57 percent)
- lack of control over where data is stored (55 percent)
These concerns reflect the general confusion about cloud computing. The anxieties among organizations that have yet to take the cloud plunge seem less about concrete security issues and more about the perception of them.
Cloud providers are reticent about advertising the details of their security measures, as they are viewed as an area of competitive advantage that would be nullified if there was total transparency. Service providers being hush-hush about security measures isn’t likely to change anytime soon.
Concern over the viability of a third party being able to access an organization’s data in a cloud is still being debated. To date, there have been very few instances of this type of breach, such as the Zeus botnet found in Amazon.com’s EC2 domain, which was reported back in December 2012.
However, knowledge of where data will reside is and should be a part of any conversation with a cloud vendor and included in the service level agreement (SLA) prior to signing a contract.
The Vormetric survey respondents did have some suggestions for how to alleviate some of their worries around cloud security:
- better service level commitments and liability terms for a data breach caused by either the provider or another customer (59 percent)
- encryption of the organization’s data with local control maintained over encryption keys (57 percent)
- making detailed physical and IT architectural implementation information available to cloud customers (57 percent)
The cloud computing industry is still experiencing growing pains. There a great deal to be learned about the threat potential within this complex technology — as much as there is to learn about how to work with organizations to adequately address their concerns and convince them that cloud computing lives up to its hype.