Control among keys to improving security in the cloud

June 11, 2012

Security breaches are more common in companies that have migrated to the public cloud than in the same companies prior to the switch, according to a study from a computer chip company. Despite this raised total number of threats, company's using both public and private clouds pinpointed control as an essential measure to help improve data security in the cloud.

Need for regulation
With only a few exceptions from the 800 respondents, 98 percent of those surveyed highlighted a pressing need for the ability to measure the cloud security of their provider. Without the ability to measure such security, the companies not only feel more vulnerable, but lack some sense of control that would allow increased confidence in the data protection capabilities of the technology.

As various organizations have attempted to come up with new regulatory measures - or place older regulations onto the new technology - to keep cloud providers on the same page, the problem has arisen with outdated ideas attempting to impose themselves in a world of technology where they are less effective.

"Traditional regulation - it's far, far, far behind reality," the head of a Russian security firm told ZD Net Australia.

New ideas
The security firm founder believes that once a unified body of data regulation becomes reality, the rash of data breaches and cybercrime will calm. A global model, according to ZD Net, would be reliant on the continuing protection of privacy as regulation also takes full swing, a moment that the firm's founder sees taking place in 2014 or 2015.

"I think that will be [the] end of the cybercrime golden age," the founder told ZD Net.

Increasing control
By coming up with a stronger sense of regulation on the provider as well as consumer side, it would help assuage the concerns of compliance with existing data protection policies in addition to improving cybersecurity. According to the computer chip company's study, 84 percent of companies using a public cloud had concerns about compliance.

Companies using the private cloud were less directly concerned with compliance, although the lack of control was still felt. The top three concerns of private cloud users all dealt with control, topped with the ability to limit access. Visibility of resources came in second, with adequate firewalling in the No. 3 spot.

Users of both clouds were also together in how they felt that control and confidence could be improved. While companies using the public cloud were more likely to voice the need for security policies, both private and public cloud users pointed to the need for data boundaries - an issue that also arises with regulatory compliance - as near the top of their wishlist for what can be done.

-McAfee Cloud Security