A cloud of insecurity?

As enterprises of all sizes continue to adopt cloud-based services, Dave Howell asks is security still a major concern?


The cloud is transforming every aspect of the business community. Surveys of business owners consistently conclude that the cloud now plays a significant role in their ability to compete and realise their strategic goals. Security though, continues to be a concern, but is fast receding as a major barrier to the adoption of more cloud services.

Cyber attacks have been made on cloud-based services that many enterprises have come to rely upon. Twitter, Dropbox, LinkedIn and Google Docs have all had their security compromised over the last few years. The Heartbleed security scare that impacted on many cloud-based services was the last to hit the headlines.

According to researchers at The Verge, as much as one terabyte of data per day is being stolen from businesses, academic institutions, the military and governments.

David Emm, senior security researcher at Kaspersky Lab, says: “Recently, trust in cloud storage has been undermined somewhat by the Snowden [NSA] leaks and growing fears about privacy. I think it’s too early to say whether this will affect the take-up of cloud services significantly. Although it may well ensure that security issues become a key part of the negotiations between cloud providers and prospective clients.”

With Andy Barrow, technical director at ANS commenting: “Security concerns are often a scapegoat used by IT teams who are adverse to change, rather than a legitimate concern. In reality, working in the cloud means businesses can access a level of data security that may be cost-prohibitive to invest in themselves.”

As businesses gain more knowledge and see security concerns are being addressed, security becomes less of a pressure point to more cloud adoption

Findings from the Cloud Industry Forum (CIF) reveal businesses are pushing ahead with cloud adoption despite security concerns. “Around 69 per cent of businesses express concerns about security, yet the overall cloud adoption rate has increased rapidly from 48 per cent in 2010 to 69 per cent in 2013,” says CIF chief executive Alex Hilton.

As the cloud becomes ubiquitous, business owners need to appreciate that the perimeter of their organisation’s security has shifted from their on-site servers and into the cloud. In the brave new world of cloud-supported business, a fresh appreciation of security is rapidly developing across the entire business environment.

To ensure high levels of security, businesses need to partner with cloud service vendors that can demonstrate they meet current security standards, such as ISO 27001, ISAE3402/SSAE16 and CSA STAR. Carrying out due diligence when adopting cloud services is vital to ensure robust and reliable data security.

When cloud security is considered, it seems that experience breeds confidence. As businesses gain more knowledge and see security concerns are being addressed, security becomes less of a pressure point to more cloud adoption.

“Overall, the security risks still exist, but companies are willing to accept them to make savings and to be more responsive to demands,” says Dr Gerhard Knecht, head of global security services and compliance at Unisys. “Others delay the large-scale implementation until the first wave of security breaches and remedial action has been taken care of. This is akin to companies using the ‘never install version 1.0 in your company’ approach.”

Ultimately the cloud services that any business adopts must instill high levels of confidence and trust, as Rajinder Tumber, security consultant at Auriga, concludes. “Customer trust is of paramount importance to business owners. Without trust, customers will seek business with a rival competitor. Therefore, businesses need to ensure they are using secure and trustworthy cloud-based services and platforms, as well as implementing and embedding effective security practices to better protect customer data,” he says.

There is little doubt that the cloudscape offers massive value and flexibility that all enterprises can leverage. The cloud itself isn’t necessarily inherently insecure. If a sensible approach to security policies is taken, cloud-based services can be securely managed to deliver the benefits they clearly offer.

Security concerns will prevent a wholesale move to the cloud for some time yet, but the advantages the cloud presents far outweigh any security concerns.

Security specialist Graham Cluley says it best when he observes that the cloud really means “somebody else’s computers”. In this context, business owners considering the cloud and its security should simply ask themselves if they are comfortable placing their data on these systems?