Assess Security of Cloud Computing Apps

New research finds that while cloud computing services are being widely adopted, more than 50 percent of IT professionals surveyed say their organization isn’t aware of all the cloud services employees are using — and few were evaluated for security before use.

The rapid-fire adoption of cloud computing might offer real advantages for small and mid-size businesses, but it also carries significant risks.

Too often, organizations simply aren’t keeping up with the cloud services their employees are using, according to recent research by the Ponemon Institute, an independent think tank focused on privacy and data security, and CA, Inc., an IT solutions provider. More than half of the IT personnel surveyed in the May study said their organization isn’t aware of all the cloud services employees have deployed, and less than half said that cloud services are evaluated for security before use.

“I think it shows a potential security meltdown in using cloud computing,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The IT people and the security people are miles away from the users who are deploying these applications and these technologies.”

A boon to small businesses

Cloud solutions offer “revolutionary potential” for small and mid-size businesses, says Mark White, chief technology officer for Deloitte Consulting LPP’s Technology practice. Flexibility when it comes to contracts, pricing, scale and demand enables small businesses to take on larger competitors.

“The cloud is a real boon to small business. The cloud can be a disruptive force that can help small businesses punch bigger than their size,” says Charles Babcock, author of Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can’t Afford to Be Left Behind (McGraw-Hill, 2010). “The cloud overturns the established way of doing things.”

A cloud checklist

Understanding how your employees are deploying cloud computing and establishing some sense of control are critical to managing security risks, say experts. Consider taking these steps to get a handle on your cloud computing presence:

  • Conduct a cloud inventory. Evaluate all activity your organization is conducting in the cloud. It’s not just a matter of cataloging cloud services embraced by your IT department or at an enterprise level, cautions Babcock. Just because you haven’t embraced cloud computing doesn’t mean your employees aren’t working in the cloud.  White often has conversations with CIOs who tell him their organizations don’t use cloud computing, only to find the company’s employees are doing so. Quite often, end users look to get their job done in the easiest way possible. “For employees, some enterprise issues of standardization, information privacy and security may not be at the top of their list,” White says. Be aware that employees might be reluctant to reveal what they’re doing in the cloud if they know they’re violating company policy or taking risks.
  • Become the preferred storefront. Making sure your employees go through your IT department gives you a tighter control on security. “Understand those services your organization might want or benefit from, subscribing to the public cloud,” says White. “Build a services catalog so it’s easier for them to come to you to get that service fulfilled.”
  • Establish a cloud computing policy. Management, IT, and end users should have an understanding of when it’s appropriate to work in the cloud. In the Ponemon survey, 68 percent of IT professionals thought cloud computing is too risky for financial information and intellectual property. In some instances, your company may be in violation of government regulations if certain data is sent out to the cloud. Sensitive information such as employee personnel records, social security numbers and medical information could be at risk in the cloud. “When you send your data to the cloud, you don’t know exactly where it’s going,” cautions Babcock. “It’s not a very good defense for the CIO to stand up in court and say, ‘I had no idea where the data was.'”
  • Vet cloud service providers. Eventually, cloud service providers will likely be able to provide some third-party authentication of security practices, predicts Ponemon.  Meanwhile, it’s up to you to properly vet the cloud providers your company uses. While the emphasis has generally been on cost, you should be asking questions about the co-mingling of data, the security of data centers and whether cloud service providers conduct background checks of employees. “The cloud service provider should be a close and trusted business partner,” Babcock says. “If you don’t feel that way with the cloud vendor you’re talking to, you probably need to go back to the drawing board and find someone you can trust.”

Although cloud computing might pose something of a “security minefield” right now, businesses have little choice but to catch up with the technologies their employees are embracing, says Ponemon. “We’re not going to stop the train. It’s going pretty fast here,” he says. “We know cloud computing is the future. If you’re not doing it, you’re going to be left behind. We have to figure out what to do with the risks we’ve already created.”

Full Source: Inc.com

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

8 Responses to Assess Security of Cloud Computing Apps

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

What is the 12/12 Program?

This program is designed to better handle the thousands of requests we receive from people looking to submit articles. The 12/12 program is the commitment of 12 articles delivered over a 12-month period.  

Wait! What if I just want to submit one article?

Our popular pay as you go sponsorship program provides the flexibility to submit as you wish and is designed for all budgets.

Contributors

Ten Tips For Successful Business Intelligence Implementation

Ten Tips For Successful Business Intelligence Implementation

Ten Tips for Successful Business Intelligence Implementation The cost of Business Intelligence (BI) software goes far beyond the purchase price. Time spent researching, implementing, and maintaining your BI investment can snowball quickly and mistakes are often expensive. Your time is valuable – save it by learning from other businesses’ experiences. We’ve compiled the top ten

Knots And Cloud Service Providers

Knots And Cloud Service Providers

How Do These Two Compare? In Boy Scouts, I learned how to tie knots. The quickest knot you can tie is the slipknot. It’s very effective for connecting one thing to another via the rope you have. It was used in setting up tents, mooring boats to docks temporarily and lifting your food up into

What Ever Happened To Google Glass?

What Ever Happened To Google Glass?

What Ever Happened to Google Glass? It was supposed to be the next big thing in tech so where did it go? Last year you could not go anywhere without hearing about some insane new use for the product and now it seems to have vanished in a plume of smoke. A Lackluster Rollout Back

Posted on by

Big Data

To Have and Have Not: Big Data Initiatives In Developing Countries

To Have and Have Not: Big Data Initiatives In Developing Countries

Big Data Initiatives In Developing Countries The poor of the developing countries are becoming increasingly connected, to the point where they too are part of the Big Data revolution that’s happening across the globe. It didn’t come with laptops, though, as some supposed it would. Whereas it costs a fortune to connect broadband to a

Big Data In Your Garden: Initiatives For Better Understanding Nature

Big Data In Your Garden: Initiatives For Better Understanding Nature

Big Data in Your Garden Big Data and IoT initiatives are springing up all across the globe, making cities, protesters–and just about everything else–smarter. However, thus far there’s been little attention paid to the interactions between these bizarre technologies and living things other than humans. Biology, that is, human biology is one field where Big

Who Holds the Key to the City: Big Data and City Management

Who Holds the Key to the City: Big Data and City Management

Big Data and City Management Cities like New York, Madrid, and especially Rio de Janeiro are augmented with Big Data-powered initiatives that range from combating crime with predictive analytics (New York & Madrid) to providing real-time data for improved management. Although Big Data is no panacea and is mainly used in conjunction with a greater

Internet of Things

Where’s the Capital of the Internet of Things?

Where’s the Capital of the Internet of Things?

Where’s the Capital? We all know the capitals of fashion are London, New York and Paris, while the capital of film is Hollywood (or Bollywood!) – but what’s the new capital of the internet? Specifically, the internet of things? The answer – according to new research by Ozy – might surprise you. It’s not Tokyo, Seoul,

Smart Cities – How Big Data Is Changing The Power Grid

Smart Cities – How Big Data Is Changing The Power Grid

Smart Cities And Big Data As Anthony Townsend argues in his SMART CITIES, even though the communications industry has changed beyond recognition since its inception, the way we consume power has remained stubbornly anachronistic. The rules of physics are, of course, partially to blame, for making grid networks harder to decentralize, as opposed to communication

Aggregated News

Popular News Sources

Microsoft to enter the STRUGGLE of the Human Wrist

Microsoft to enter the STRUGGLE of the Human Wrist

It’s not just a thumb war, it’s total digit war The battle for the future of the human wrist entered a new phase on Monday after it was claimed that tech goliath Microsoft is planning to release its own wearable computer in the coming weeks.…Read the source article at The Register About Latest Posts Follow

Standards Organization ISO Takes on Cloud Computing Standards

Standards Organization ISO Takes on Cloud Computing Standards

Given the quality differences in different cloud services and issues of compatibility, ISO, the world’s best known standards body has issued two standards related to cloud computing…. Read the source article at Web Host Industry Review About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing

IBM Paying $1.5 Billion to Shed Its Chip Division

IBM Paying $1.5 Billion to Shed Its Chip Division

IBM will pay $1.5 billion to Globalfoundries in order to shed its costly chip division. IBM will make payments to the chipmaker over three years, but it took a $4.7 billion charge for the third quarter when it reported earnings Monday. Read the source article at Mashable About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is