A recent Cloud Trends Report for 2011 found that the number of organizations imminently planning a move to the cloud almost doubled from 2009 (24%) to 2010 (44%). The study also found that cloud security issues are the primary obstacle to migration. In the published report, more than a quarter of those surveyed cited security as their number one concern, with almost 60% including security in their top three.
CA Technologies recently published a study concluding that, despite industry concerns about cloud security, roughly half of those leveraging the cloud do not effectively review vendors for security issues before deployment. The study, ‘Security of Cloud Computing Users: A Study of Practitioners in the US & Europe’, found that IT personnel vary in their determination of who is in charge of securing sensitive data and how to go about doing it.
Constructing a Cloud Security Plan
Despite the ability of many organizations to analyze their own security protocols, there remain many valid cloud security fears. Shifting the burden of protecting important data to an outside vendor is nerve-racking, especially in a vertical that has to abide by regulations such as HIPAA, SOX or PCI DSS.
Risks involving cloud security still have many unknowns, so developing an overarching cloud strategy is a requirement. If your organization does not have a game plan in place, are you ready to adapt and change as requirements evolve?
Your CFO or related exec is your organization’s largest risk for financial application breach and data loss. The HR director needs to be effectively trained and managed so that ‘lost’ personnel files don’t come back to bite you. Most importantly, the largest risk of all is the CEO.
Hackers realize this, which is why chief executives are consistently victims of “whaling attacks,” such as the well-known ‘CEO subpoena phishing scam’.
A robust strategy to protect the most privileged users has the additional benefit of giving your organization a generalized cloud security roadmap. Are mobile device risks a concern? Your most senior users desire remote and mobile access. What about data loss? Your senior users have more access to tarrying data points.
When your organization moves from analyzing itself to evaluating potential cloud applications and platforms, do not neglect to look into how prevalent cloud services have already become in your IT infrastructure. Are you using Salesforce.com? Basecamp? Taleo? Google Apps?
Super-brand cloud/SaaS/PaaS providers such as Microsoft, Salesforce.com and Google all have tremendous reputations, so aligning projects that leverage these brands with your security protocols should not be time-consuming. You’ll want to analyze other providers to ensure they are legitimate and spend the time to properly secure their IT environments.
Lastly, as software licenses run out and as product upgrades come due, you’ll be in a position to effectively begin analyzing the cloud vendors you will want to leverage for your mission-critical operations.
Following that advice will get you started. For more information on formulating a Cloud Security strategy visit Nubifer.com.