Share

Top 5 Stories

News

Some companies view cloud computing as a threat to their IT security

26 September 2011

Research just released by Kaspersky Lab claims to show that around a quarter of companies (23%) see the cloud as a threat to their IT security.

David Emm, senior security researcher with Kaspersky Lab,  said there are two key factors driving development of cloud services.

“The first is cost. The economies of scale that can be achieved by storing data or hosting applications in the cloud can result in significant savings for businesses”, he said.

“The second is flexibility. Employees can access data from anywhere, at any time, using any device – including mobile devices. So businesses can benefit from an 'always-on' workforce. However, this research proves companies still harbor concerns about implementing cloud services”, he added.

Emm goes on to say that, on the other hand, there are those who believe the cloud offers built-in security, which can be a potentially dangerous assumption. But whatever a company’s perception, he asserted that measures need to be put in place to ensure that the cloud is used in the safest way.

In view of these findings, Emm advised that IT security professionals need to remember that data stored in the cloud is accessed from an endpoint within a business.

This means, he said, if a cybercriminal is able to compromise the endpoint, they gain access to the data – wherever it is stored. The wide use of mobile devices, he added – while offering huge benefits to a business – also increases the risk.

Against this backdrop, the Kaspersky Lab senior security adviser said that cloud data can be accessed from devices that may not be as secure as traditional endpoint devices. The combination of personal and business use on the same device, he noted, only serves to increase this risk.

Secondly, he said, the cloud itself is likely to become a target – and, given that a cloud provider holds so much data, that makes it a very attractive target.

“We need look no further than the spate of targeted attacks on organisations in recent months to understand the potential risk here – in particular the attack on Sony”, he wrote in a security blog posting.

So What Is to Be Done?

Emm advised that it is important to recognize that endpoint security remains paramount for businesses. In addition, he said that all data should be encrypted, just in case a breach occurs.

Then, he goes on to say, before you sign up with a cloud provider, consider the legal ramifications of storing data in the cloud. Do you know where the data will be held and which legal jurisdiction it will fall under?

Finally: “think about the business continuity aspects of storing data in the cloud: not just what happens if the cloud 'goes down', but what happens if you decide to move to another provider.”

This article is featured in:
Application Security  •  Cloud Computing  •  Internet and Network Security  •  Malware and Hardware Security

 

Comments

InfosecChap says:

26 September 2011
Hmm. I wonder what a cloud actually is ... a datacentre but we won't tell you where the data it.

Cloud services can be used to nick data in ways hitherto undreamt of. Organisations need good protection against this and they need to take the threats seriously.

Main problem, though, is where on earth is your data and how do you know it's safe?

chin chin
@InfosecChap

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×