SME Toolkit Logo
Partner Logo
Home  > Public Cloud Forecast: Torrential Rains for IT Security?
 Share  Print Version  Email

Public Cloud Forecast: Torrential Rains for IT Security?

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

Partly cloudy: That's the "sweet spot" for many midsize companies. Mixing local and off-site services produces a sunny kind of optimism, and why not? Providers have been singing the praises of agility and flexibility for the last five years, and many have delivered on their promises. According to a recent Ponemon Institute study, however, the public cloud forecast looks grim — are torrential rains coming for IT security?

Triple Threat

Top Tech News article takes a look at the recent Ponemon report, "Data Breach: The Cloud Multiplier Effect." The title itself is ominous enough, and the results aren't much more encouraging. The research firm asked 613 IT and security professionals to estimate the chances of a breach targeting 100,000 or more consumer records. Not only did respondents feel that cloud services were less secure, but they also put a number to that feeling: They believed that adding one percent more cloud services meant a three percent higher breach chance; in other words, using the cloud could triple a midsize company's risk to lose millions of dollars.

Not exactly beach weather, then, but what is important here is not the numbers. Instead, it is worth taking a look at the research itself: Ponemon asked experts to estimate the chances of a breach; data from the survey said that respondents "believed" that their data was less secure in the cloud. This is hardly surprising; cloud worry has been a common theme for IT professionals since public deployments started gaining ground several years ago. Ultimately, this means the survey speaks to what might happen if IT fears come true, not what will happen when data moves to the cloud. So what's the real story?

Taking the Time

Consider a recent study from TechAmerica, "CSO/CISO Insights, Achieving Results and Confronting Obstacles." According to the report, almost 90 percent of federal agency CIOs said that their organizations had moved to the cloud "in at least some capacity." Forty-eight percent of those deployments were public, and 36 percent of agencies had already migrated email services. One CIO noted that while his agency was moving toward the cloud they were "walking, not running," taking the time to make sure effective security measures were in place before moving forward. Overall, the study found that federal CIOs and CISOs cited cloud and mobile devices as the number one technology innovation for 2014.

What does all this mean for midsize IT? That the public cloud forecast is far from a sure thing. Does the cloud open up new attack vectors and change the nature of a data breach? Absolutely, but that is not a guarantee of failure; rather, it is an encouragement for change and innovation. Moreover, government agencies are not shying away from public cloud deployments. Instead, they are taking the time to ensure that services are moved securely, and only when infrastructure fully supports this migration.

It is easy to see storms gathering — enough clouds in one place and there is always a chance of rain. While old security umbrellas might not be up to the task, steady innovation may yield new and better ways to stay dry.

This article was written by Doug Bonderud.

 Share  Print Version  Email