Costs And Concerns: Rogue Cloud Services In The Workplace
Rogue cloud deployments -- the use of cloud services against company policies -- pose a significant cost to small and midsize businesses, according to a new survey from Symantec. About 77 percent of businesses surveyed indicated it was a growing problem within the past year.
More than 90 percent of organizations are now at least discussing the cloud, according to the Symantec 2013 Cloud Survey. The figure represents an increase from 75 percent a year ago. The survey of 3,236 organizations from 29 countries was conducted by market research firm ReRez in September and October 2012.
[Related: Survey: Lack Of Faith In Cloud Security Creates Opportunity For MSPs ]
Symantec said one of the costs associated with rogue cloud issues is data leakage, with 40 percent indicating that exposure of confidential information was a problem. More than one-quarter faced account takeover issues, defacement of Web properties, or stolen goods or services, the survey found.
Cloud-based services generally fall into three buckets: Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service. Security experts warn that all businesses considering using cloud providers should tread carefully. Depending on the type of cloud service, the responsibility of protecting data can be mutual or be the sole responsibility of the data owner. Ultimately, meeting compliance mandates will fall on the user of the cloud and not the cloud provider, said Sean Bruton, senior product manager at Hosting.com.
Bruton, who oversees security and compliance for the company's managed hosting services, said organizations evaluating cloud providers need to vet them well to ensure security is a proactive responsibility and not a reactionary one.
"If people are entrusting sensitive data with a third party, first and foremost they'll want to know how to speak security and make sure the people in charge of maintaining the systems are capable of managing risk throughout the organization, Bruton said.
NEXT: Compliance Mandates A Growing Concern
Meeting compliance requirements such as HIPAA and PCI DSS and eDiscovery issues also are a growing concern, according to the Symantec study. More than half of those surveyed said they were concerned about being able to prove they have met cloud compliance requirements. A smaller percentage, 23 percent, indicated they had been fined for cloud privacy violations. Other firms said it was difficult to quickly find data in the cloud.
"One-third of businesses reported receiving eDiscovery requests for cloud data," Symantec said in its report. "Of those, two-thirds have missed their cloud discovery deadlines, leading to fines and legal risks."
Backup and recovery issues also increase costs of cloud adoption, the survey found, because they can be slow and tedious and sometimes result in data loss. Organizations indicated using three or more backup products for physical, virtual and cloud data. The survey found that 43 percent of organizations lost cloud data, a problem experienced by large and small and midsize businesses. Another 68 percent said they experienced recovery failures.
Properly using SSL certificates to protect data in transit also was a concern. Just 27 percent rated cloud SSL certificate management as easy and 40 percent were certain their cloud-partner's certificates were in compliance with corporate standards.
PUBLISHED JAN. 16, 2013