Security Pros: 5 Ways We're Being Shut Out Of The Cloud Discussion

Cloud Angst Continues

IT security professionals who deal with a variety of cloud security issues say they are increasingly advocating that business executives keep them in the loop when considering the use of any new cloud-based services. Forward-thinking firms have created a policy and a formalized process that keep security and the company's legal team involved in decisions. But IT security teams are still being left out of the decision-making process and others have no idea of the extent of cloud services being used across their business units, according to a survey of 130 security professionals at RSA Conference conducted by McLean, Va.-based cloud security gateway vendor PerspecSys. Here are some of the key findings.

5. Lacking Cloud Protocols, Policies

A significant number of organizations fail to address the use of cloud applications in the workplace. Experts say that businesses may be lacking policies because they are not in position to invest in enforcement mechanisms. The survey found that 31 percent of organizations do not have any significant security protocols in place for employees using cloud applications. Of the nearly 70 percent who indicated that policies exist, more than half acknowledged that the policies or protocols complicate or delay employees' work.

4. Security Policies Being Bypassed

Employees are bypassing restrictive security policies and using their mobile devices to access cloud-based services when working remotely. Almost 31 percent of respondents do not allow employees to access cloud applications such as Salesforce and Dropbox from their mobile devices, but indicate employees do it anyway, according to the PerspecSys survey. A new group of cloud security gateway vendors are emerging to help address the problem. Rather than denying access, the firms set up a reverse proxy to control access, provide single sign-on capabilities, two-factor authentication and encryption.

3. Encryption Used in Low Numbers

More corporate data is going to the cloud, but much of it remains in plain text format, according to the survey. About 36 percent of those surveyed said they use encryption to secure sensitive information. An executive at a cloud security firm that offers encryption and authentication told CRN that only a tiny fraction of its customer base has a license to use the encryption capabilities. Some experts say businesses may still be housing the most confidential data on-premise. Executives also often hold the misconception that encrypting data in the cloud can be a complex and painful process for end users, they say.

2. Perception That Cloud Data More Difficult To Secure

Adding controls and increasing visibility over data stored in the cloud may appear to be more difficult than on-premise options, but according to the survey findings, it's a matter of perception. PerspecSys found that 66 percent of security pros still view the cloud as more difficult to secure than on-premise options. Depending on whether a public cloud, a private cloud or a hybrid approach is used, different questions arise over responsibilities, evaluating the security processes of the provider, and how incident response is carried out.

1. Securing Cloud-Based Data To Trump On-Premise

Concerns about data in the cloud are growing, according to the survey. The firm found that 74 percent believe security for cloud-based data in 2014 will be a bigger concern than securing data on-premise. As more business units flip the switch on cloud-based services, such as Salesforce.com and file hosting and sharing services including Box and Dropbox, identifying where the data is flowing and how it is protected is increasingly becoming a priority. Security experts told CRN that IT security teams often are left in the dark during cloud evaluation and decision-making.