Angst, Fear, Uncertainty in the Cloud

As humans, we hate negative emotions. It’s so much nicer to focus on the pleasant. But sometimes you can’t ignore “bad” feelings. And it seems there’s plenty going around amongst IT pros when it concerns the cloud and security.

A new survey says IT people are just plain scared that putting their data on the cloud will expose their companies’ sensitive information – and put it in the wrong hands. Many say there are plenty of employees who are unaware of the scope of cloud services employed at their firms. And there are a lot of IT executives who, despite their own misgivings about the cloud, suspect that many employees are already using cloud services…that is, without IT’s knowledge. The poll, the Security of Cloud Computing Users study, was conducted by the Ponemon Institute and sponsored by CA Inc., and surveyed IT pros in both Europe and the U.S.

Here are some findings that I thought I’d share:

— 68% noted that financial information and intellectual property were too risky to store outside their company’s own data center. More than half also were convinced that health records shouldn’t be moved to the cloud, while 43% said credit card information should not migrate outside their own data centers.

— more than 50% of U.S. respondents felt that their organizations were unaware of all the cloud services deployed in their enterprise.

Angst, Fear, Uncertainty in the Cloud “The [survey respondents] said, ‘Yes, in fact, we’re not confident what applications out there are being used within policy and we’re not only not confident in what’s really going on, but we’re also not sure what the problems are we should be dealing with,'” said Mike Spinny, a senior privacy analyst at the Ponemon Institute, who was quoted in an article I read about the survey. “It’s a very concerning situation in that we’re talking to people who are tasked with the responsibility of protecting information.”

What I also found interesting is that there seems to be a lot of confusion out there, too, about security and who’s responsible for it. After reading, I feel even stronger that companies need independent assistance in monitoring cloud services performance and service level agreements (SLAs).

In the study, 27% of U.S. respondents and 38% of Europeans polled believe their organizations’ security executives are most responsible for ensuring safety. Only 38% of U.S. IT people indicated that they’re proactively involved in assessing the sensitivity of data and whether it should be stored in the cloud.