When the term "cloud" was coined a few years ago, businesses saw the technology as a way to completely transform operations. This was especially true for small and medium-sized businesses (SMBs), as the cloud enabled decision-makers to utilize cost-effective and flexible enterprise-class solutions. As SMBs continue to adopt the hosted services, however, IT departments are recognizing security flaws that were previously undetected.
According to a new study by social knowledge network Wisegate, more than 50 percent of survey respondents said cloud computing environments are still too risky for hosting mission-critical applications and data. Instead, many IT professionals believe the cloud is currently only suitable for customer relationship management, email and other commodity solutions.
Embracing a false sense of data security
Each year, more SMBs adopt Software-as-a-Service (SaaS) and other cloud models to achieve a competitive advantage.
A recent study by Microsoft found that the number of SMBs using paid cloud services will triple in the next three years. Meanwhile, only 20 percent of respondents said the cloud's data security tools are less effective than traditional on-premise systems, suggesting that many decision-makers have faith in the cloud's ability to protect sensitive information.
Members of the Wisegate community, on the other hand, encourage companies to be more cautious when adopting the hosted services, especially since the technology's evolution has not been entirely smooth.
"Even with SaaS, [there have been] lots of stumbles early on," one member said. "In particular, not having an identity management federation strategy in place has proven to be a pain point."
The Wisegate survey also found that many data protection policies in regulatory requirements act as inhibitors for cloud adoption.
Only 16 percent of respondents said they were adopting cloud computing anyway but will require a robust service-level agreement (SLA) to ensure that data privacy, protection and encryption methods are in place, Wisegate noted. Another 25 percent of decision-makers said they have some short-term plans for migrating to the cloud but are remaining cautious.
Ensuring data protection is in place
Decision-makers need to create strong SLAs that cover cloud connectivity, response time and issue resolution, Wisegate said. IT departments should also be aware of how the cloud can provide unique disaster recovery options to guarantee information is protected in the event of an emergency.
SLAs should be realistic, however, meaning data security requests should be reasonable, as no technology is 100 percent resistant to outsiders and other web-based threats.
Still, companies should attain some guarantees on application and data availability.
"Make sure [cloud vendors are] measuring availability [of the application] from outside of their firewalls, routers, data center and networks and that they're not just using a monitor sitting in their data center," consulting firm Pace Harmon principal Jonathan Shaw said, according to InformationWeek.
A separate report by Security Week noted that decision-makers and service providers must come to an agreement on both digital and physical security when developing the SLA. There is no doubt that the virtual threat landscape is becoming more menacing and complex, and even the slightest vulnerability can produce severe problems for an organization.
Additionally, the advent of mobility and BYOD (bring your own device) is introducing even more cloud computing threats. As a result, IT departments should be sure that all endpoints are able to be locked down, according to Network World.
"The BYOD to work issue is huge because now you have devices you don't own trying to access your data over networks that you don't control," Websense senior director of product marketing Tom Clare said, according to Network World.
Although the cloud holds a lot of promise, businesses need to be sure that a hosted service is secure if it is to deliver those guarantees.
Cloud Computing News from SimplySecurity.com by Trend Micro