Clouds Ahead

Nov 2 2011   10:42AM GMT

The Trouble with Cloud Security

Pedro Pereira Pedro Pereira Profile: Pedro Pereira

Depending on where you look, you’ll read that business decision makers are either scared stiff of adopting cloud-based solutions or they can’t dig deeply enough into their pockets to fund cloud projects.

Analyst firm IDC predicts cloud spending will reach $72.9 billion by 2015, more than three times as much as in 2010. That isn’t exactly a drop in the bucket, but putting aside macroeconomic swings for a moment, you have to wonder how much more could be spent if fear of the cloud could be eliminated.

Most of that fear has to do with security and privacy. With a host of regulations coming out of Washington and state capitols to protect privacy, concerns over running afoul of the law are justified. Exposure of certain types of data, such as medical, finance and HR records, can lead to severe penalties. So decision makers should be concerned.

By that, I’m not suggesting you should avoid the cloud – just that understanding the risks associated with adoption of cloud solutions is imperative. Doing due research about solutions you are considering could spare a whole lot of trouble.

You’ll never have a 100 percent foolproof solution, no matter what anyone tells you.

In the cloud, there are new layers that have to be protected, and hackers will exploit every opportunity to get at private data for nefarious purposes.

Hosted, shared environments, for instance, potentially can make secured virtual machines vulnerable when connected to others that are less secure. A hacker could exploit the vulnerabilities of one machine and use it as a bridge to another that he or she would otherwise not be able to access. Attackers theoretically also can find ways to break into a virtualized environment to mess with data while still making it look normal.

Even though there have been disputes as to how undetectable certain attacks can be in practice, you don’t want to leave anything to chance if you are going to trust some, or even all, of your computing environment to a provider of cloud solutions. That means learning as much as possible about a solution’s security capabilities, implementing well-defined security policies in your organization and signing a contract with your provider that clearly defines both parties’ responsibilities.

Let’s be realistic: You’ll never have a 100 percent foolproof solution, no matter what anyone tells you. Even if you could prevent breaches, there’s always a very real chance that a leak could occur as a result of inadvertent user action.

Nearly 80 percent of businesses suffered data loss last year, according to a Ponemon Institute report. Chances are you could be part of that statistic this year or next. It’s up to you to minimize the severity when it happens.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: