As enterprises accelerate their movement of data into the cloud, a slew of new challenges are presenting themselves on the security front. For users of external or public cloud services, the risks are well understood. However, private and hybrid clouds are not immune to security vulnerabilities either. Thanks to private clouds, data is proliferating across various parts of the enterprise, along with the potential for insider abuse.
There is a need to balance security with the openness and access of cloud computing, whether it’s public, private, or hybrid. These issues were explored in a recent survey of 306 IT professionals conducted by Unisphere Research, a division of Information Today, Inc. The research finds that organizations are moving quickly into private cloud environments, with plans to move to public cloud services. The report, "Perspectives from Leading IT Professionals: 2016 IOUG Cloud Security Survey," conducted in partnership with Oracle, among members of the Independent Oracle Users Group (IOUG), represents the views of respondents from organizations of all sizes and across various industries.
There is heightened awareness of the potential risks that the cloud poses overall. About one-third of respondents expect to experience some type of data breach within their public cloud environments over the coming year. At the same time, close to half of all data professionals also agree that public cloud services have the potential to offer greater protection than a corporate data center is capable of delivering on its own.
Still, there is a perception that cloud providers are not yet thoroughly demonstrating their commitment to cloud security. Most of the professionals in this survey say they have not received adequate assurances that their public cloud providers are doing enough to protect their clients’ data. Data security assurances by public cloud providers appear to be few and far between.
Among public cloud users in the survey, 46% say either they do not receive assurances, or simply do not know if they have received such guidance. In addition, only 38% could say that their providers will notify them of any security breaches. In addition, only two in five say they are informed of security vulnerabilities, and slightly more than one-third are made aware of the government regulations with which their providers must comply. Worse yet, only one in four has received assurances that this data will be expunged after the contract with the provider ends.
Greater due diligence is required. One respondent laid out the details of what enterprises need to ask of cloud providers to ensure all data will remain secure. Due diligence should include “providing details—background checks, experience levels, foreign national disclosures, etc.—about their employees administrating the data and services,” the respondent said. “Ask vendors to provide a detailed architectural diagram of their storage and infrastructure to reduce single points of failure, as well as physical access policies disclosures, backup and recovery processes, and point-in-time recovery.”
Adding to this sense of insecurity, a majority of data managers, 58%, cannot assure, or simply don’t know, whether their cloud providers are keeping employees from breaking into or abusing such data. Only one-third of respondents say their public cloud data is encrypted, and fewer than three in 10 say the encryption keys are kept out of reach of public cloud staff members. Just over one in four says their provider audits user activities.
Still, many enterprise data managers are now comfortable with the idea of moving their data to the cloud. As cloud data management and storage become more ubiquitous in enterprises, there needs to be a shift in security from merely detecting breaches to more preventive measures such as encryptions and stronger access control. About half of the enterprises in the survey are willing to store sensitive data with public cloud providers, and more than half are storing such data in private clouds.
To download this Unisphere Research report, go here.