Cloud computing adoption continues to accelerate in the enterprise, with Gartner predicting that "the bulk of new IT spending by 2016 will be for cloud computing platforms and applications with nearly half of large enterprises having cloud deployments by the end of 2017," according to Louis Columbus at Forbes.com. With that in mind, know that if you want to best advise your customers, you need to understand the cloud: both the cloud computing applications enterprises want, and the cloud computing security issues that plague them. Here are three of the most pressing cloud computing security issues.
Every business handles at least some sensitive, proprietary, or legally protected data, whether that data be HR records, corporate reports or R&D documentation, or customer financial information. And putting that data in the cloud puts it at more risk than housing it behind the corporate perimeter by potentially increasing attack surfaces for hackers to take advantage of. Data theft can lead to personal financial loss and corporate catastrophe.
It doesn't stop with thieves, either, as the headlines of the past year make clear. Domestic and foreign government spying has become a perennially popular topic, with allegations that agencies like the NSA have compelled major cloud service providers (CSPs) like Google and Microsoft to turn over customer data without the customers' knowledge or consent, and that they have infiltrated major CSPs' internal networks to intercept that data without the CSPs' knowledge or consent, either.
Speaking of thieves and spies intercepting corporate data, the public cloud increases that risk because of the multitenant model the CSPs use. Multitenancy simply means that multiple customers' data is housed within the same infrastructure. This puts an organization's data at risk of becoming collateral damage in the event of a breach of the CSP's infrastructure, even if the organization wasn't the one whose data was targeted. Multitenancy, therefore, is another of our top cloud computing security issues. And, as with data thieves, government agencies may wind up with access to an organization's data even if it wasn't specifically targeted, simply due to proximity to a targeted business. Protecting against inadvertent data breaches caused by multitenancy can be a challenge.
3. Insider threats
Third but not least of our cloud computing security issues is the threat of malicious insiders working for the CSPs. Identity theft and corporate espionage can be very profitable, and thus very tempting, for employees. Unfortunately, corporate customers of CSPs have little to no control over how the CSPs vet their own employees, even employees who may gain access to the customers' data. This makes malicious insiders particularly insidious among the cloud computing security issues in this list.
When your customers approach you with cloud computing security issues, how should you advise them?
Ultimately, cloud computing security boils down to control. By taking control of data security through measures such as strong policies and enforcement, client-side encryption that does not entrust encryption keys to CSPs, and DLP and activity monitoring within cloud deployments, organizations can take back much of the control they stand to lose in the cloud and can address many cloud computing security issues.
Feel like you need to learn more? Read up on the latest technology solutions to alleviate security and privacy concerns or speak to an Ingram Micro information security and business development specialist today.
What cloud computing security issues do your customers worry about? Tell us in the comments.