are cloud data security fears holding back cloud adoption
DESCRIPTION
Concerns about US spying on corporate information stored by cloud computing providers is beginning to have an impact on those providers’ international revenue, according to industry analyst Michelle Jenkins. “Enterprise customers in Europe and Asia are worried about government surveillance of their data stored by US cloud providers and it’s having an impact on the bottom line.”TRANSCRIPT
Are Cloud Data Security Fears Holding Back Cloud Adoption?
Concerns about US spying on corporate information stored by cloud computing providersis beginning to have an impact on those providers’ international revenue, according toindustry analyst Michelle Jenkins. “Enterprise customers in Europe and Asia are worriedabout government surveillance of their data stored by US cloud providers and it’s havingan impact on the bottom line.”
Industry analysts expect revenue for US cloud companies to be $35-155 billion lowerover the next 5 years due to fears about surveillance. Concerns about cloud data securityextend beyond just government surveillance and include traditional fears about securitybreaches, data loss, and compliance violations.
Often these fears about the cloud begin with IT feeling they are losing control ofcorporate data as employees introduce many cloud services into the company outside thenormal IT procurement process. Such unregulated and unmanaged “shadow IT” projectsare not known to the IT department and do not go through the typical vetting process forthe company’s cloud data security requirements.
In your IT department, you likely already have programs and resources in place toaddress different kinds of risk, from security operations centers focused on inboundthreats, to data loss prevention teams focused on data leakage. Managing the clouddoesn’t require establishing a new team, or even new headcount. All of the activitiesnecessary for robust risk management can be incorporated into existing processes.
While every company is unique, there are some common elements that every companyshould adopt to lower their cloud risk exposure. They include limiting access to theriskiest cloud services, educating users, migrating to lower risk services, and respondingto security compromises immediately.
Employees usually have good intentions, but they may not be aware of the risks posed bysome types of cloud usage. Many companies have mandatory compliance classes andemployee onboarding which can be augmented with training on high-risk cloud activitysuch as uploading sensitive information to unsecured services. Employees also prefer toknow about high-risk services before access is limited or removed.
Some services present risk to your data and can be enabled in read-only mode foremployees to view information but not upload data. You may also find cloud services inuse that are simply too risky for your organization. It’s up to each company to develop acloud data security policy that works for the organization and balances the benefits ofcloud services with their risk to company data.