August 1, 2012
Losing sensitive corporate data is something that no IT professional wants to have on his or her conscience. According to a study from CloudStorageStrategy.com, this has led to many companies staying away from public cloud environments, despite the potential benefits, as they remain unsure of data security in cloud computing environments.
Much of this hesitation comes as bring-your-own-device (BYOD) policies are moving into the workplace and publicly-available cloud-based services are becoming the norm. Realizing that such consumer-driven trends are taking control out the hands of IT is a harrowing experience for CIOs and other executives.
"IT executives have a high level of concern as they face the real challenges associated with the consumerization of IT, including corporate data leaking onto public clouds through consumer based tools," CloudStorageStrategy.com founder Steve Lesem said. "You don't want to stop progress - but you can't risk control."
This loss of control, and the potential loss of data along with it, was the top concern for CIOs. Respondents' faith in cloud computing data security was low, as none of the 158 survey participants believed that the public cloud was free of leakage. Because of this, compliance issues were high on the list of concerns, as was the availability of data.
Despite a growing landscape of threats facing organizations, data protection from theft was not high on the list of concerns for many of the respondents. While data thieves may seek to rip control away from organizations by attacking their data, it was the potential risks that come with simple use of the cloud that worried CIOs more than anything.
Worries about data security are the norm whenever new technology enters the marketplace, according to Guardian columnist Clive Longbottom. For instance, some companies superglued their desktops' USB drives, since the risk of someone walking in with a thumb drive was just too great to take a chance.
With the cloud, the concerns are much the same. Longbottom believes that the key is not outlawing the use of public cloud-based services, especally since many employees are likely to use them anyway. Instead, policies should be put in place that can work alongside the increased mobility of the average employee.
"Organizations need to change mind set from one of attempting to stop usage to positively providing a better approach," Longbottom wrote. "It is important that organizations accept that … secure sharing of information is required to provide access to specific information to specific people via external systems."
-McAfee Cloud Security