Cloud computing is so ubiquitous that most companies have evaluated, if not already implemented, a cloud-based strategy. With benefits that can’t be refuted, small to medium sized companies are turning to the cloud in droves. Although the cloud produces infrastructure efficiencies and increased overall organizational flexibilities, the associated security issues have proven to be significant barriers to more wide-spread implementation. As cost-effective and efficient as cloud computing is touted to be, is the concept too good to be true? How truly secure is the cloud?
More than 80 percent of 4,000 business and IT managers worldwide surveyed are transferring, or plan to transfer, sensitive or confidential data into the cloud; nearly half the respondents’ organizations already do so, and another one-third are very likely to transfer sensitive or confidential data to the cloud within the next two years, according to a recent survey conducted by the Ponemon Institute on behalf of Thales E-Security. With so much emphasis on cost savings and efficiencies it’s no wonder so many companies are making the migration, but it’s into a relatively unknown arena.
According to Intel, the world’s largest and highest valued semiconductor chip maker, security ‘in the cloud’ refers to a set of policies, technologies, and controls designed to protect data, infrastructure, and clients from attack while enabling regulatory compliance. Moving an internally-supported IT infrastructure to a cloud-based environment logically seems to put the security of sensitive corporate data at risk. When data is moved to the cloud how can corporations mitigate the wide array of security vulnerabilities?
Since most employees have the ability to access corporate applications from their laptops and/or smartphones, a mobile device security management policy is critical. Devices that run software locally or access cloud infrastructure are likely targets for security breaches. It must be possible for mobile device users to safely access the cloud without compromising the enterprise infrastructure. Integrated and well-executed Mobile Device Management (MDM) policies will help to ensure data is protected on the ‘front line’.
Many industries already insist on data encryption when the transmittal of personal information is involved. For example, the insurance industry insists on the encryption of emails if the transmittal includes any personal data that could be valuable to an identity thief. Healthcare and most types of financial services also require data encryption. Especially if data is to reside in the cloud, cryptography is the key to its safety.
If an effective MDM policy is in place and the data is well encrypted, the issue of owning data security remains. Who ultimately owns the security of the data – the business or the cloud service provider? As choosing a cloud service provider is such a multi-faceted, complex process, each is seeking their own differentiators and value propositions. The effective ones are becoming acutely aware of the need for security transparency and compliance monitoring.
Cloud computing is among the more impactful technological innovations the industry has seen with obtuse, immediate benefits. However, as the concept is still in its infancy, it is challenging to determine the longevity and effectiveness of the overall strategy due to the inherent security risks.