Despite the benefits the cloud provides a recent survey we undertook has revealed that IT security professionals are still wary of taking advantage of the service. Philip Lieberman, CEO, Lieberman Software Corporation, explains why.
Cloud computing is without doubt one of the most heavily-adopted technologies of the 21st century. Where in the past, people would run applications or programs from software downloaded on a physical computer or server in their building, it allows people access to the same kinds of applications through the internet. The cloud provides enormous benefits to organisations, which include cost-saving; as cloud computing services are generally pay-as-you-go, flexibility; as employees can gain access to corporate data from anywhere in the world as long as they have an internet connection, and security; organisations can rely on the security provided by their cloud hosting provider which can often be more state-of-the-art. However, despite the benefits the cloud provides a recent survey we undertook has revealed that IT security professionals are still wary of taking advantage of the service. The survey looked at the attitudes of 300 IT security professionals and it revealed that almost half of them are deterred from keeping sensitive data in the cloud because of fear of possible government and legal interference. There are several reasons why IT experts might be apprehensive about storing corporate data in the cloud. However, the key issues are around Government surveillance, cloud legislation and data security.
IT managers fear that they will put their data at risk by moving to a cloud provider as they are unsure they will keep the data properly protected, which could ultimately affect their job and the business. The other issue is around legislation in the cloud and the fact that IT managers do not want governments snooping around in their corporate data. If a government or official body wanted to see what data a company was holding in the cloud, the cloud host involved would be legally obliged to provide them with access. This means there is very limited privacy in cloud environments and IT managers know it is much easier to hide data within their own private networks. This does not necessarily mean that organisations have something criminal or illegal they would like to keep from the Government, it might just be that the data held is sensitive and they would like to keep it private. However, data stored in cloud environments will be subjected to the same laws as the cloud provider. There is also a higher chance data could be accessed accidently when it is co-hosted in a cloud environment.
However, in order to minimise the risk of cloud data being compromised by governments, there are a number of steps an organisation can take. Firstly, it is always advisable to find out where your cloud provider is located. If they are based in the United States, they will be subject to United States laws, even if you are based in the UK. Once you understand this you will have a better idea of what legislation your data will be held under. Secondly, always check the security provided by your cloud provider. Make sure the security does not put any of your data at risk to cybercriminals. It is advisable to ask your cloud provider about their security before signing any contracts. Finally, always check the terms and conditions of the contract with the cloud provider. Ensure you are not signing up to something that may put your data at risk and that the overall responsibility of your data still lies with you. The cloud offers huge benefits to organisations but it also creates a number of issues which must be considered. It is therefore recommended to fully examine all contracts before signing with a provider to ensure no confidential data is put at jeopardy.