he Security for Business Innovation Council, comprising of IT security professionals heralding from 19 stalwart companies worldwide predict that cloud computing and cloud security will be the most disruptive technologies this year. As the shift to cloud computing is becoming the inevitable way forward for companies despite security concerns, at least 45% of CIOs are approving cloud migrations without verifying security measures, reports Robert Half International.
Overworked IT staff in companies – juggling migration, integration and regulatory responsibilities – is giving in to cloud deployments without running security checks or ensuring that cloud vendors have the requisite cloud security measures in place. This does not bode well for companies or their customers as cloud networks are increasingly compromised and targeted by malicious hackers and fraudsters.
According to the Information Security Shake-Up report released by The Security for Business Innovation Council, ‘many organizations are preparing to move more business processes to the cloud including mission-critical apps and regulated data.’ But even as regulators, CXOs and middle managers warm up to the cloud, there are ‘gaps’ in how well companies are planning for any transition to the cloud owing to a lack of understanding and communication on the criticality and need for cloud security implementation.
Cloud security issues
Cloud security issues are divided into those faced by cloud vendors and those faced by their customers. These can be grouped into: security and privacy, compliance, and legal or contractual issues.
Security and privacy issues include incorporating an identity management system (company or vendor owned), ensuring physical security of the infrastructure and servers, availability, application security, customer data privacy and safety, and legal issues including e-discovery, data restoration, etc.
Compliance issues pertain to the conformance of data storage, transmission and safety with regulations such as HIPAA or PCI DSS, business continuity and data recovery plans, producing audit trails and logs, and managing data jurisdiction across regional borders.
Legal and contractual issues are about liability, intellectual property and end of service terms. They also involve ensuring public availability of records for relevant domains and situations.
Cloud security controls are designed to prevent, deter, detect and correct security attacks that cause any of the abovementioned issues.
The CSA Cloud Security Alliance is a member-driven organization that advocates best practices for cloud security. Its corporate members include Cisco, eBay, Google, HP, Microsoft, Oracle, Accenture, Adobe, Amazon Web Services, AT&T, Autodesk, Tata Communications, Symantec, and more. The alliance released the CSA Cloud Controls Matrix last year that lays out fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
According to Phil Sheridan, managing director at Robert Half Technology, ‘The risks of not migrating to the cloud, notably the achievement of significant cost reductions, may outweigh the potential security risks that concern IT executives.’
According to the Ernst & Young Global Information Security Survey 2012, 51% of 1,850 polled information executives in 64 countries hope to increase their budgets by at least 5% in 2013 to address the lack of preventative cloud security measures and ensure business continuity.
So, eager to learn why your business MUST take notice of Mobility ? Or want to decide which app is a right fit for your business? Download your choice !