Are Cloud Data Security Fears Holding Back Cloud Adoption?
Posted by skyhighnetworks on April 9th, 2014
Concerns about US spying on corporate information stored by cloud computing providers is beginning to have an impact on those providers’ international revenue, according to industry analyst Michelle Jenkins. “Enterprise customers in Europe and Asia are worried about government surveillance of their data stored by US cloud providers and it’s having an impact on the bottom line.”
Industry analysts expect revenue for US cloud companies to be $35-155 billion lower over the next 5 years due to fears about surveillance. Concerns about cloud data security extend beyond just government surveillance and include traditional fears about security breaches, data loss, and compliance violations.
Often these fears about the cloud begin with IT feeling they are losing control of corporate data as employees introduce many cloud services into the company outside the normal IT procurement process. Such unregulated and unmanaged “shadow IT” projects are not known to the IT department and do not go through the typical vetting process for the company’s cloud data security requirements.
In your IT department, you likely already have programs and resources in place to address different kinds of risk, from security operations centers focused on inbound threats, to data loss prevention teams focused on data leakage. Managing the cloud doesn’t require establishing a new team, or even new headcount. All of the activities necessary for robust risk management can be incorporated into existing processes.
While every company is unique, there are some common elements that every company should adopt to lower their cloud risk exposure. They include limiting access to the riskiest cloud services, educating users, migrating to lower risk services, and responding to security compromises immediately.
Employees usually have good intentions, but they may not be aware of the risks posed by some types of cloud usage. Many companies have mandatory compliance classes and employee onboarding which can be augmented with training on high-risk cloud activity such as uploading sensitive information to unsecured services. Employees also prefer to know about high-risk services before access is limited or removed.
Some services present risk to your data and can be enabled in read-only mode for employees to view information but not upload data. You may also find cloud services in use that are simply too risky for your organization. It’s up to each company to develop a cloud data security policy that works for the organization and balances the benefits of cloud services with their risk to company data.
Skyhigh Networks, the Cloud Data Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com/cloud-data-security/ or follow us on Twitter@skyhighnetworks.