Report: Cloud security confidence flourishes as market matures
Businesses are gaining confidence in their cloud providers' ability to secure confidential assets without problems.
Although cloud computing has been recognized for its ability to improve operations in the enterprise for the past several years, the fluctuating adoption rates throughout its existence suggest that decision-makers have not always wholeheartedly embraced these benefits. While there are numerous reasons that have contributed to lower deployment statistics over the years, security was often touted as the primary inhibitor to cloud projects. This is because executives often have trouble overcoming the fact that the public cloud requires them to migrate sensitive information to an off-site environment that is often outside of their control.
Yet as businesses use the cloud for more operations, including hosting business phone systems, data warehouses and other crucial technologies, decision-makers are becoming more comfortable with the idea of trusting a third party to keep confidential information safe. While this is partially due to the fact that cloud technologies themselves are maturing and evolving, it is also because organizations are becoming more familiar with consumerization trends and the ultimate inevitability of the cloud.
A recent study of more than 4,000 businesses around the world by Thales e-Security and the Ponemon Institute highlighted the blooming confidence in the cloud, revealing that the majority of respondents regularly migrate confidential information to the cloud.
"Staying in control of sensitive or confidential data is paramount for most organizations today and yet our survey shows they are transferring ever more of their most valuable data assets to the cloud. In this, our second year of conducting this survey, we wanted to dig a little deeper and explore the difference in attitudes about the most common types of cloud services - IaaS, PaaS and SaaS," said Larry Ponemon, founder and chairman of the Ponemon Institute.
The study found that businesses are using the cloud for more processes and have more faith in their providers' ability to keep sensitive resources safe. This is especially important when companies are using a hosted PBX system, as unsecured communication tools can lead to their unavailability and, as a result, an inability to keep operations functioning.
Cloud security confidence thrives
Because the cloud is used for a variety of purposes today, especially when organizations are looking to develop and support a remote workforce, enterprise decision-makers need to work with cloud partners to ensure the resources hosted in the virtual environment remain safe. Fortunately, organizations have more faith in their cloud vendors than ever before, as 56 percent of respondents believe their providers have the skills and tools needed to protect confidential data, up from 41 percent in 2011.
"Perceived responsibility for data protection, awareness of security measures, confidence and impact on overall security posture illustrate important regional and service type differences but overall the trend is positive. Respondents generally feel better informed, more confident in their cloud service providers and more positive about the impact on their security posture compared with last year," Ponemon asserted.
At the same time, however, enterprise executives cannot place all of the security burden on providers, even though more than 60 percent of respondents believe the vendor is primarily responsible for security. The fact of the matter is that companies are still held accountable by customers when sensitive consumer information is made public. For this reason, decision-makers need to establish well-rounded governance protocol that ensures employees and other internal parties prioritize the protection of confidential data.
Governing the cloud
Computer Weekly highlighted the importance of understanding how and why the cloud is being used in the workplace, as failing to comprehend the basic needs of the hosted environment will make it more difficult to govern. If companies are using a cloud VoIP system, for example, employees should understand the advantages and, more importantly, the risks that may be associated with accessing the VoIP network from outside of the office on a personal smartphone.
Meanwhile, the cloud's inherent ability to support teleworking strategy does not mean people should be free to do whatever they desire without fear of consequences. If a cloud strategy is to be effective in the long run, executives need to ensure the hosted solutions meet compliance requirements and do not jeopardize the overall security of information that needs to stay private. If enterprises lose control over their security endeavors while in the cloud, their reputation for keeping sensitive assets safe may be damaged, and prospective clients may refuse to do business with them.
Nevertheless, businesses should not be intimidated into eschewing the cloud, especially as providers mature and develop more robust tools that can keep mission-critical resources safe from unauthorized users. By planning ahead and working with a trusted service provider, enterprises will be able to leverage a variety of cloud solutions more effectively, providing employees with new ways to carry out day-to-day tasks without compromising the ability to keep confidential data out of harm's way.