Study: Unauthorized cloud usage creates security risk
The cloud is being used throughout the private sector, even if decision-makers are unaware of it. This was highlighted in a recent study of more than 500 companies by Symform, which found that 39 percent of respondents said they are not using the cloud, even though 65 percent of these organizations let employees use cloud applications and 35 percent allow data to be migrated to cloud-based storage environments.
This suggests that the term "cloud computing" is often misunderstood and, as a result, usage policies are skewed. In fact, the study found that roughly 20 percent of survey respondents said they have no clear security standards for their company's use of the cloud, often because IT departments are simply unaware that cloud services are being adopted.
"This research validates how cloud applications and services are being purchased and managed increasingly by non-IT departments and illustrates the need for IT to reclaim control from a policy and governance standpoint while still enabling the business to benefit from the cloud's agility and cost effectiveness," said Margaret Dawson, vice president of product management at Symform.
Why is the cloud being adopted without consent?
The consumerization of IT is now in full force, as bring your own device (BYOD) and other mobile initiatives are being deployed on a grand scale. Furthermore, as the information volumes continue to expand, departments are increasingly embracing big data initiatives.
Both of these phenomena are contributing to the private sector's adoption of the cloud but shouldn't mean executives should be unaware of the technology and neglect to create security policies.
Access control technologies can be one of the most effective cloud security implementations. This was also highlighted in a separate InfoQ report, which said creating robust authentication policies will limit unauthorized usage of sensitive resources, regardless of where the tools are being used.
Decision-makers should also conduct vulnerability assessments and establish firm service-level agreements with vendors to ensure IT departments have visibility into the hosted environments without jeopardizing control over cloud services and applications.
"I always advise IT leaders to be the centralized source of all IT policy, vendor criteria, compliance management and the definition of 'trust' for their organizations," Dawson said. "Cloud usage is inevitable but loss of control is not."
- Welcome to GoGrid!
- I'm a live Cloud Expert.
- What questions do you have today?