Survey: private cloud may test the limits of internal data security

Survey: private cloud may test the limits of internal data security

Summary: Almost half of IT managers in a new survey are nervous about data security as private clouds open up enterprise resources.

SHARE:

Private cloud computing, by its very nature, crosses enterprise departmental boundaries. While it is perceived as safer than public cloud computing, private cloud also introduces new information security risks.

As part of my work with Unisphere Research/Information Today Inc., I recently helped conduct a survey on application and data security issues to address this question. The survey, conducted among 430 members of the Oracle Applications Users Group (OAUG) and sponsored by Application Security, Inc., found that 45% of the respondents see at least some risk in the rise of private cloud computing and were concerned about the security implications of sharing data and application services outside of their business units. While cloud computing continues to be a growing industry trend, three out of four have not defined a strategy for cloud security. (Report available here, registration required.)

The survey confirms that much sensitive data is handled across many parts of organizations - from development shops to backup sites - without safeguards such as data encryption, masking and de-identification.  Private cloud may exacerbate this risk.

In fact, while there is tepid movement of database environments into the cloud, most respondents state that they have no strategy for protecting data deployed in clouds. Three out of four say they are not aware of their companies having a strategy for cloud security, suggesting that there has been no discussion of the implications of moving data and applications beyond their original domains.

What are the greatest risks associated with cloud computing? The largest segment of respondents cite issues with data exposed to users/developers in outside services (hosting, backup sites, mirroring). Some respondents also cite the fact that virtualization/service-layer transactions being more difficult to track/monitor.

These same issues also surface in various forms beyond private cloud computing throughout this survey. For example. a large segment of companies rely on third parties external to the organization’s firewall to help manage application and data environments. Nearly 40% respondents indicate that they outsource or offshore at least some of their database and application administration functions.

Topics: Security, CXO, Cloud, Hardware, Servers, Virtualization

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • We're not nervous, we're certain

    There is no way we are going to trust the security of our data or continuity of our business to cloud vendors who do not provide contractual guarantees and audit capability. And so far the cloud vendors are still putting T&C's in front of us that are laughable. Our contracts lawyer took less than a day to review all six responses to and RFP, because he said that none of the vendors were even close to the minimum guarantees we required.

    Cloud may be the way that small businesses can do ancillary services like web portals and marketing, but anybody that trusts the cloud with their revenue generating or financial management stuff is betting the fate of the company, and against loaded dice to boot.
    terry flores
  • RE: Survey: private cloud may test the limits of internal data security

    It can be intimidating when switching information to a private cloud. There are tons of security concerns no matter the size of the company, and it can become even more complicated as the business becomes larger or more intricate. But keeping track of the information and assuring it stays safe should be most important.

    On the security side, it?s great to have the latest encryption tools to assure the information stays protected, but you also need to have the ability to handle all the different tools. And when the private cloud is in place, it might be cheaper, but there?s a lot more information to manage and keep track of, especially when employees access information from anywhere (as opposed to simply the office). So it?s not surprising that so many people see a risk in the private cloud, but if your company has the right security, as well as the tools to manage that security, then the company should stay safe.

    Ada, Absolute Software
    http://blog.absolute.com/
    adaho
  • RE: Survey: private cloud may test the limits of internal data security

    I don't disagree but I think PaaS provider can do better than SMB firms' internal security.
    ypcho