Assess Security of Cloud Computing Apps

New research finds that while cloud computing services are being widely adopted, more than 50 percent of IT professionals surveyed say their organization isn’t aware of all the cloud services employees are using — and few were evaluated for security before use.

The rapid-fire adoption of cloud computing might offer real advantages for small and mid-size businesses, but it also carries significant risks.

Too often, organizations simply aren’t keeping up with the cloud services their employees are using, according to recent research by the Ponemon Institute, an independent think tank focused on privacy and data security, and CA, Inc., an IT solutions provider. More than half of the IT personnel surveyed in the May study said their organization isn’t aware of all the cloud services employees have deployed, and less than half said that cloud services are evaluated for security before use.

“I think it shows a potential security meltdown in using cloud computing,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The IT people and the security people are miles away from the users who are deploying these applications and these technologies.”

A boon to small businesses

Cloud solutions offer “revolutionary potential” for small and mid-size businesses, says Mark White, chief technology officer for Deloitte Consulting LPP’s Technology practice. Flexibility when it comes to contracts, pricing, scale and demand enables small businesses to take on larger competitors.

“The cloud is a real boon to small business. The cloud can be a disruptive force that can help small businesses punch bigger than their size,” says Charles Babcock, author of Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can’t Afford to Be Left Behind (McGraw-Hill, 2010). “The cloud overturns the established way of doing things.”

A cloud checklist

Understanding how your employees are deploying cloud computing and establishing some sense of control are critical to managing security risks, say experts. Consider taking these steps to get a handle on your cloud computing presence:

  • Conduct a cloud inventory. Evaluate all activity your organization is conducting in the cloud. It’s not just a matter of cataloging cloud services embraced by your IT department or at an enterprise level, cautions Babcock. Just because you haven’t embraced cloud computing doesn’t mean your employees aren’t working in the cloud.  White often has conversations with CIOs who tell him their organizations don’t use cloud computing, only to find the company’s employees are doing so. Quite often, end users look to get their job done in the easiest way possible. “For employees, some enterprise issues of standardization, information privacy and security may not be at the top of their list,” White says. Be aware that employees might be reluctant to reveal what they’re doing in the cloud if they know they’re violating company policy or taking risks.
  • Become the preferred storefront. Making sure your employees go through your IT department gives you a tighter control on security. “Understand those services your organization might want or benefit from, subscribing to the public cloud,” says White. “Build a services catalog so it’s easier for them to come to you to get that service fulfilled.”
  • Establish a cloud computing policy. Management, IT, and end users should have an understanding of when it’s appropriate to work in the cloud. In the Ponemon survey, 68 percent of IT professionals thought cloud computing is too risky for financial information and intellectual property. In some instances, your company may be in violation of government regulations if certain data is sent out to the cloud. Sensitive information such as employee personnel records, social security numbers and medical information could be at risk in the cloud. “When you send your data to the cloud, you don’t know exactly where it’s going,” cautions Babcock. “It’s not a very good defense for the CIO to stand up in court and say, ‘I had no idea where the data was.'”
  • Vet cloud service providers. Eventually, cloud service providers will likely be able to provide some third-party authentication of security practices, predicts Ponemon.  Meanwhile, it’s up to you to properly vet the cloud providers your company uses. While the emphasis has generally been on cost, you should be asking questions about the co-mingling of data, the security of data centers and whether cloud service providers conduct background checks of employees. “The cloud service provider should be a close and trusted business partner,” Babcock says. “If you don’t feel that way with the cloud vendor you’re talking to, you probably need to go back to the drawing board and find someone you can trust.”

Although cloud computing might pose something of a “security minefield” right now, businesses have little choice but to catch up with the technologies their employees are embracing, says Ponemon. “We’re not going to stop the train. It’s going pretty fast here,” he says. “We know cloud computing is the future. If you’re not doing it, you’re going to be left behind. We have to figure out what to do with the risks we’ve already created.”

Full Source: Inc.com

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

8 Responses to Assess Security of Cloud Computing Apps

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

Are Cloud Servers The Right Choice For Your Business?

Are Cloud Servers The Right Choice For Your Business?

Cloud servers offer power, flexibility, reliability, and client friendly hosting for small and medium businesses that have outgrown shared hosting. New business hosting clients are bombarded with an incredible diversity of different choices for their site’s hosting. It can be a challenge to negotiate the range of platforms and the marketing hype that many hosting…

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

IBM and SAP Announce Industry’s Largest Cloud Deal

IBM and SAP Announce Industry’s Largest Cloud Deal

IBM and SAP Announce Industry’s Largest Cloud Deal IBM and SAP have shaken the cloud computing world this afternoon with the announcement of one of the largest cloud deals in the industry’s history – bringing together two of the largest technology companies in a bid to offer a more holistic service to their clients. SAP…

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

15 Emerging Technologies To Watch Before 2020 The cloud, big data, the internet of things, and wearable technology have all featured heavily in Forrester’s latest list of fifteen technologies to watch before 2020. It is becoming a reality for businesses that they need to adapt and change to an increasingly technologically-minded customer base. Traditional marketing…

Featured Sponsors

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud One of the greatest benefits of the increasingly reliable and ubiquitous state of cloud technology is the removal of business silos and the consolidation of information flow, both in-house and on the road. This is of particular importance to the many different types of professionals whose work involves customer relationship management (CRM).…

Sponsors

Built For The Cloud vs. Adapting To The Cloud

Built For The Cloud vs. Adapting To The Cloud

Built For The Cloud vs. Adapting To The Cloud It may just sound like semantics, but there is a real difference between something that was “built for” versus “adapted to.” Would you rather buy a house that was “designed for” energy efficiency or one that was “adapted to” be energy efficient? “Built for” describes a…

Placement Opportunities - Find Out!

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter