Just 30% of companies have a cloud security strategy, survey says

As more organizations turn to cloud computing, IT must rethink its strategy for protecting data. But few companies have a cloud computing security plan in place, according to a new survey. 

Security is still the number-one obstacle to cloud computing adoption, according to “Information Security Shake-Up,” a new report published by the Security for Business Innovation Council. But companies are getting more comfortable with cloud computing security and are moving more sensitive data to the Cloud.

However, companies aren’t necessarily planning for security when they adopt cloud computing services. Despite the fact that more than 80% of the organizations polled have started using some kind of cloud service, only 30% said they have a cloud computing security strategy in place.

Often, they fail to take the necessary steps to protect sensitive data in the Cloud because there’s a disconnect between IT’s goals and the concerns of the rest of the business.

To close those gaps, the Security for Business Innovation has this advice for IT departments:

  1. Exchange information regularly — In many cases, the lack of a cloud computing security plan is due to the fact that other departments within the company are provisioning cloud services without the knowledge of IT. It’s important to stay in close communication with those departments so that everyone is on the same page regarding the company’s cloud computing policy and the steps that need to be taken to secure sensitive data in the Cloud.
  2. Argue for a cloud security budget — While convincing Finance to increase security spending is always a challenge, IT departments must make sure the person in charge of the budget is aware of what’s required for security when cloud computing services are used. In some cases, there may be no budget for cloud security because the CFO mistakenly believes security needs are taken care by cloud providers.
  3. Give security staff business skills training — IT departments need business managers and other people to understand IT security — but, the report says, it’s also important for the people in charge of IT security to understand business. People on the business side will be much more likely to listen if security pros can speak their language.