Assess Security of Cloud Computing Apps

New research finds that while cloud computing services are being widely adopted, more than 50 percent of IT professionals surveyed say their organization isn’t aware of all the cloud services employees are using — and few were evaluated for security before use.

The rapid-fire adoption of cloud computing might offer real advantages for small and mid-size businesses, but it also carries significant risks.

Too often, organizations simply aren’t keeping up with the cloud services their employees are using, according to recent research by the Ponemon Institute, an independent think tank focused on privacy and data security, and CA, Inc., an IT solutions provider. More than half of the IT personnel surveyed in the May study said their organization isn’t aware of all the cloud services employees have deployed, and less than half said that cloud services are evaluated for security before use.

“I think it shows a potential security meltdown in using cloud computing,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The IT people and the security people are miles away from the users who are deploying these applications and these technologies.”

A boon to small businesses

Cloud solutions offer “revolutionary potential” for small and mid-size businesses, says Mark White, chief technology officer for Deloitte Consulting LPP’s Technology practice. Flexibility when it comes to contracts, pricing, scale and demand enables small businesses to take on larger competitors.

“The cloud is a real boon to small business. The cloud can be a disruptive force that can help small businesses punch bigger than their size,” says Charles Babcock, author of Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can’t Afford to Be Left Behind (McGraw-Hill, 2010). “The cloud overturns the established way of doing things.”

A cloud checklist

Understanding how your employees are deploying cloud computing and establishing some sense of control are critical to managing security risks, say experts. Consider taking these steps to get a handle on your cloud computing presence:

  • Conduct a cloud inventory. Evaluate all activity your organization is conducting in the cloud. It’s not just a matter of cataloging cloud services embraced by your IT department or at an enterprise level, cautions Babcock. Just because you haven’t embraced cloud computing doesn’t mean your employees aren’t working in the cloud.  White often has conversations with CIOs who tell him their organizations don’t use cloud computing, only to find the company’s employees are doing so. Quite often, end users look to get their job done in the easiest way possible. “For employees, some enterprise issues of standardization, information privacy and security may not be at the top of their list,” White says. Be aware that employees might be reluctant to reveal what they’re doing in the cloud if they know they’re violating company policy or taking risks.
  • Become the preferred storefront. Making sure your employees go through your IT department gives you a tighter control on security. “Understand those services your organization might want or benefit from, subscribing to the public cloud,” says White. “Build a services catalog so it’s easier for them to come to you to get that service fulfilled.”
  • Establish a cloud computing policy. Management, IT, and end users should have an understanding of when it’s appropriate to work in the cloud. In the Ponemon survey, 68 percent of IT professionals thought cloud computing is too risky for financial information and intellectual property. In some instances, your company may be in violation of government regulations if certain data is sent out to the cloud. Sensitive information such as employee personnel records, social security numbers and medical information could be at risk in the cloud. “When you send your data to the cloud, you don’t know exactly where it’s going,” cautions Babcock. “It’s not a very good defense for the CIO to stand up in court and say, ‘I had no idea where the data was.'”
  • Vet cloud service providers. Eventually, cloud service providers will likely be able to provide some third-party authentication of security practices, predicts Ponemon.  Meanwhile, it’s up to you to properly vet the cloud providers your company uses. While the emphasis has generally been on cost, you should be asking questions about the co-mingling of data, the security of data centers and whether cloud service providers conduct background checks of employees. “The cloud service provider should be a close and trusted business partner,” Babcock says. “If you don’t feel that way with the cloud vendor you’re talking to, you probably need to go back to the drawing board and find someone you can trust.”

Although cloud computing might pose something of a “security minefield” right now, businesses have little choice but to catch up with the technologies their employees are embracing, says Ponemon. “We’re not going to stop the train. It’s going pretty fast here,” he says. “We know cloud computing is the future. If you’re not doing it, you’re going to be left behind. We have to figure out what to do with the risks we’ve already created.”

Full Source:

Follow Us!


Established in 2009, is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

8 Responses to Assess Security of Cloud Computing Apps

CloudTweaks Sponsors - Find out more!


Top Viral Impact

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues Nowadays, many companies are changing their overall information technology strategies to embrace cloud computing in order to open up business opportunities.  There are numerous definitions of cloud computing. Simply speaking, the term “cloud computing” comes from network diagrams in which cloud shapes are  used to describe certain types of networks. All

2014 Future Of Cloud Computing Survey Results

2014 Future Of Cloud Computing Survey Results

Engine Yard Joins North Bridge Venture Partners, Gigaom Research and Industry Collaborators to Unveil 2014 Future of Cloud Computing Survey Results SAN FRANCISCO, CA–(Marketwired – Jun 25, 2014) – Engine Yard, the leading cloud application management platform, today announced its role as a collaborator in releasing the results of the fourth annual Future of Cloud Computing Survey,

Cloud Infographic: Disaster Recovery

Cloud Infographic: Disaster Recovery

Cloud Infographic: Disaster Recovery  Business downtime can be detrimental without a proper disaster recovery plan in place. Only 6% of businesses that experience downtime without a plan will survive long term. Less than half of all businesses that experience a disaster are likely to reopen their doors. There are many causes of data loss and

Cloud Infographic: Most Used Cloud Apps

Cloud Infographic: Most Used Cloud Apps

Cloud app and analytics company, Netskope released its quarterly Cloud Report. The new report reveals that enterprise employees are using an average of 397 different cloud apps (most of which are unsanctioned), when IT estimated they have 40-50 — that’s a tenfold underestimation. Below is an infographic provided courtesy of the group at Netskope which goes into further detail.

Cloud Infographic – The Internet Of Things In 2020

Cloud Infographic – The Internet Of Things In 2020

Cloud Infographic –  The Internet Of Things In 2020 The growing interest in the Internet of Things is amongst us and there is much discussion. Attached is an archived but still relevant infographic by Intel which has produced a memorizing snapshot at how the number of connected devices have exploded since the birth of the

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.


CloudTweaks Media
Phone: 1 (212) 763-0021

Join our newsletter