Security’s an afterthought when it comes to the cloud

Most IT pros say that cloud decisions are rarely handled by the security team, and that’s a serious problem. No wonder they also say that the cloud adds risk. 

The first sign that something is amiss with cloud security: 55% of IT pros surveyed by SafeNet were not confident they knew all the cloud computing services in use, according to The Challenges of Cloud Information Governance: A Global Data Security Study. This study also found 70% of IT pros agreed that it’s more difficult to manage privacy and data protection in the cloud than on-premises, and 61% said it increases compliance risk.

Security isn’t top concern

Cloud decisions have lots of motivators – financial savings, disaster recovery, ease of use for an increasingly mobile workforce, etc.

But one group that’s being left out of cloud decisions is the security team. According to the survey:

  • 38% of respondents said the security team is rarely involved in cloud decisions (and 9% said it’s never involved)
  • only 16% said information security teams evaluate a cloud provider’s security capabilities, and
  • 15% said security was a factor in selecting cloud providers (the IT pros surveyed were allowed to pick up to two responses, and cost, efficiency, reputation, customer service and deployment time all finished higher).

And the most common evaluation criterion for cloud suppliers was word-of-mouth (at 54%). It may be valuable insight, but probably shouldn’t guide security decisions.

Even though the IT team may not have as big a role in determining providers as it probably should, there’s another area where its influence is lacking: user training. A full 56% of respondents said they just use general data security training without any specific cloud security message. And 28% have an informal awareness effort.

3 ways to cloud security

Here are three keys to make sure cloud security is taken seriously in your organization.

  1. Pick providers on merit. Word-of-mouth is good, but data that backs up security is better. Ask for providers’ security audit results and their specific methods of security before signing any contracts.
  2. Train users. The more specific and detailed your training is, the better. Focus on giving users specific, practical advice to ensure it sticks with them.
  3. Take advantage of security solutions. Multi-factor authentication and encryption are good ways to enforce a baseline degree of security for users.
