Current Filter: Security>>>>>>

   

If global spending on cloud computing - where software and information is available on demand - hits the $57.4 billion mark next year, as predicted by IDC, that will have seen the market double in only a few years. It is an extraordinary story and reflects a commitment by businesses to living life more and more in the clouds.

So, does this signal a brave new world of 'cloud without borders' and, most importantly, is this necessarily the right way to go? How safe is your information in the cloud and who really has control over it? One of the big problems especially with corporate information in the cloud is controlling who uses and accesses it, and when.

A GROWING PROBLEM
"While IT teams try to control the way corporate data is used, employees continue to find easy, convenient ways to get their work done," says Paul Clark, AlgoSec's regional director for UK & Ireland. "In many cases, this means using free cloud sites, including DropBox, Google Docs and Apple's iCloud, to move and store documents and files."

This 'Bring Your Own Cloud' (BYOC) issue is a growing problem. A recent survey by AlgoSec revealed that the larger the organisation, the less likely it was to have cloud-based security. "This is because larger organisations are both more sensitive when it comes to protecting their data and also have dedicated staff to manage security technology, which makes them less likely to use cloud resources," Clark points out.

MAJOR IMPLICATIONS
In other words, security continues to stay on premises. And this has major implications for companies and for cloud service suppliers who wish to sell to them. "Of course, the end user/employee who is eager to save time and effort by storing a draft confidential document on DropBox, where he can pick it up later at the home office, will protest that all of these free BYOC services have clear and strong security policies," he states. "However, many of the consumer-oriented cloud services may claim to be secure, but most do not include enterprise-based security controls required to adequately protect corporate data and meet compliance mandates. "The majority of employees are oblivious to security by nature, and it is up to corporate IT and information security to define and enforce a policy that balances between employee productivity and security. Furthermore, the cloud is not inherently secure: recent well-publicised breaches at services such as Twitter and Evernote show that no-one is immune from hackers' prying fingers," HE continues.

Clark recommends some basic steps that he believes companies should take to control this, namely:

• Define and communicate a policy of what is acceptable and what is not when it comes to BYOC
• Enforce this policy using tools such as next-generation firewalls
• Evaluate enterprise-grade alternatives to some of the popular consumer-grade cloud services.

WHOM CAN YOU TRUST?
One of the big issues with cloud security, of course, is trustworthiness: is the cloud service really secure? Who can access the data? Can an employee who has left the company still access the cloud service? When Check Point surveyed nearly 900 companies worldwide in 2012, 69% had employees who were using Dropbox for cloud storage - frequently against their IT security policies. In the vast majority of cases, there's no malicious intent by the employee - they are typically focused on being efficient and getting their jobs done, and no data is lost, points out Tomer Teller, security evangelist, Check Point. However, this has the unfortunate effect of reinforcing such risky actions.

Page   1  2  3