A new study from CloudEntr of 438 people from industries that include financial and manufacturing found that 75 percent of smaller businesses are worried about their employees when it comes to securing data in the cloud. Larger companies are more concerned about hackers using employee credentials to access and steal data from the cloud. Of course, most highly regulated companies, such as those in health care and finance, are more concerned about compliance than security.
The vast majority (89 percent) of IT pros questioned said they were concerned with cloud security, and 63 percent said security was more important than convenience in a cloud service.
Most of these companies use education as a tool to ensure that employees don’t give away user IDs and passwords when phishing emails show up or even employees receive calls from hackers posing as IT employees. Clearly, with the recent hacks on larger retailers, the cat-and-mouse game of hackers chasing data will only get worse. As more data moves to the cloud, thieves will get more creative about seeking ways to gain access.
I’ve always known that employees are the largest security hole for most organizations. As public cloud gets better at encryption and spotting attacks, people will become the main point of vulnerability, both for on-premises systems and now for the cloud.
It can do little about the people problem, other than provide as much education as possible and get creative with technology, such as moving from simple passwords to biometrics or other more secure access methods whose keys can’t be given out on the phone or over email.
As a result, the distributed and service-oriented nature of cloud computing is moving many organizations to federated identity and other more effective security approaches. Many organizations see the move to the cloud as a way to beef up their security methods and perhaps even fix existing vulnerabilities.
I advise those moving to the cloud to take a close look at security and compliance issues. These problems can be solved. Although security and compliance issues should be considerations and perhaps concerns for those moving to the cloud, they should not stop your progress.