Private cloud computing, by its very nature, crosses enterprise departmental boundaries. While it is perceived as safer than public cloud computing, private cloud also introduces new information security risks.
As part of my work with Unisphere Research/Information Today Inc., I recently helped conduct a survey on application and data security issues to address this question. The survey, conducted among 430 members of the Oracle Applications Users Group (OAUG) and sponsored by Application Security, Inc., found that 45% of the respondents see at least some risk in the rise of private cloud computing and were concerned about the security implications of sharing data and application services outside of their business units. While cloud computing continues to be a growing industry trend, three out of four have not defined a strategy for cloud security. (Report available here, registration required.)
The survey confirms that much sensitive data is handled across many parts of organizations - from development shops to backup sites - without safeguards such as data encryption, masking and de-identification. Private cloud may exacerbate this risk.
In fact, while there is tepid movement of database environments into the cloud, most respondents state that they have no strategy for protecting data deployed in clouds. Three out of four say they are not aware of their companies having a strategy for cloud security, suggesting that there has been no discussion of the implications of moving data and applications beyond their original domains.
What are the greatest risks associated with cloud computing? The largest segment of respondents cite issues with data exposed to users/developers in outside services (hosting, backup sites, mirroring). Some respondents also cite the fact that virtualization/service-layer transactions are more difficult to track/monitor.
These same issues also surface in various forms beyond private cloud computing throughout this survey. For example, a large segment of companies rely on third parties external to the organization’s firewall to help manage application and data environments. Nearly 40% of respondents indicate that they outsource or offshore at least some of their database and application administration functions.