Enterprises Lax on Rogue Cloud Usage; Data Protection Top Cloud Issue
Sure, we all know the cloud security is an important part of IT’s job, but how do actual cloud practices match up with IT’s stated policies? According to new research released today, the answer is not very well -- at least not for the enterprises with such policies. What’s worse, almost one in five enterprises doesn’t even have a clear security policy or standard when it comes to use of the cloud by employees or departments, even though most allow such use including access to corporate data from cloud apps.
The research conducted last month about cloud utilization, security, and policies surveyed workers in almost 500 enterprises of all sizes; it was commissioned by Symform, a cloud backup service provider. Eighteen percent of respondents work in enterprises, one-third (34 percent) come from small and midsize enterprises.
According to Symform, concerns over data growth are diverting attention from cloud adoption. “Coupled with BYOD and the consumerization of IT, the survey reveals that many businesses are slow to acknowledge cloud adoption within their organization and, as a result, determine the proper IT security and policies to govern this cloud usage.” The study points out that of the 39 percent of respondents who said they are not currently using cloud, almost two thirds (65 percent) said their companies allow employees or teams to use cloud services, and 35 percent said their companies allow employees to store company data in cloud apps.
In a prepared statement, Margaret Dawson, Symform’s vice president of product management, highlights how control of the cloud is slipping away from IT. “This research validates how cloud applications and services are being purchased and managed increasingly by non-IT departments, and illustrates the need for IT to re-claim control from a policy and governance standpoint while still enabling the business to benefit from the cloud’s agility and cost-effectiveness.” She also explained: “I always advise IT leaders to be the centralized source of all IT policy, vendor criteria, compliance management and the definition of ‘trust’ for their organizations. Cloud usage is inevitable but loss of control is not.”
Concern over cloud security seems to be declining. Symform survey found that half (50 percent) of respondents believe that “even sensitive data can be secured in the cloud” with the exception of credit card data -- 70 percent said they wouldn’t store credit card data there. In fact, security is seen as a benefit of their cloud use: almost half said cloud services “allow them to spend less time managing data protection and on IT security overall.” Among those not using the cloud, security is seen as a bonus: “over 50 percent believe that better data protection would be the top benefit gained by moving services to the cloud.”
IT managers still worry about controlling access to the cloud. Also of concern: auditing and tracking, securing data (in motion and at rest), vulnerability management, and maintaining strong security SLAs.
The full survey results are available here (very short registration required).
-- James E. Powell
Editorial Director, ESJ
Posted on 11/06/2012