ie8 fix
madison

Service Oriented

Joe McKendrick
Home / News & Blogs / Service Oriented

Survey: private cloud may test the limits of internal data security

By | February 11, 2011, 8:07am PST

Summary: Almost half of IT managers in a new survey are nervous about data security as private clouds open up enterprise resources.

Private cloud computing, by its very nature, crosses enterprise departmental boundaries. While it is perceived as safer than public cloud computing, private cloud also introduces new information security risks.

As part of my work with Unisphere Research/Information Today Inc., I recently helped conduct a survey on application and data security issues to address this question. The survey, conducted among 430 members of the Oracle Applications Users Group (OAUG) and sponsored by Application Security, Inc., found that 45% of the respondents see at least some risk in the rise of private cloud computing and were concerned about the security implications of sharing data and application services outside of their business units. While cloud computing continues to be a growing industry trend, three out of four have not defined a strategy for cloud security. (Report available here, registration required.)

The survey confirms that much sensitive data is handled across many parts of organizations - from development shops to backup sites - without safeguards such as data encryption, masking and de-identification.  Private cloud may exacerbate this risk.

In fact, while there is tepid movement of database environments into the cloud, most respondents state that they have no strategy for protecting data deployed in clouds. Three out of four say they are not aware of their companies having a strategy for cloud security, suggesting that there has been no discussion of the
implications of moving data and applications beyond their original domains.

What are the greatest risks associated with cloud computing? The largest segment of respondents cite issues with data exposed to users/developers in outside services (hosting, backup sites, mirroring). Some respondents also cite the fact that virtualization/service-layer transactions being more difficult to track/monitor.

These same issues also surface in various forms beyond private cloud computing throughout this survey. For example. a large segment of companies rely on third parties external to the organization’s firewall to help manage application and data environments. Nearly 40% respondents indicate that they outsource or offshore at least some of their database and application administration functions.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Service Oriented”

Topics

Risk, Survey, Server Virtualization, Cloud Computing, Virtualization, Strategy, Security, Servers, Hardware, Management, Joe McKendrick

Joe McKendrick is an author, consultant and speaker specializing in trends and developments shaping the technology industry.

Disclosure

Joe McKendrick

Joe McKendrick is an independent consultant, editor and speaker.

Joe has performed project work (white papers, articles, blogs, research and presentations) for the following companies in the IT marketspace:

  • CBS Interactive/CNET/ZDNet (this blog)
  • ebizQ
  • Evans Data
  • Gartner
  • IBM
  • Informatica
  • IDC
  • Microsoft
  • Systinet/HP
  • Teradata
  • Unisphere Reseach, a division of Information Today, Inc.
  • WebLayers

Joe has also performed research work for the following sponsoring organizations in partnership with Unisphere Research, a division of Information Today, Inc.

  • IBM
  • Luminex
  • Noetix
  • Oracle Corp.
  • Teradata
  • Informatica
  • International Oracle Users Group
  • Oracle Applications Users Group
  • Professional Association for SQL Server
  • International DB2 Users Group
  • International Sybase Users Group
  • SHARE (IBM large systems users group)

Biography

Joe McKendrick

Joe McKendrick is an author and independent analyst who tracks the impact of information technology on management and markets. Joe is co-author, along with 16 leading industry leaders and thinkers, of the SOA Manifesto, which outlines the values and guiding principles of service orientation. He also speaks frequently on Enterprise 2.0 and SOA topics at industry events and Webcasts, and serves on the program committee for this year's SOA & Cloud Symposium in London. As an independent analyst, he has also authored numerous research reports in partnership with Unisphere Research, a division of Information Today, Inc. for user groups such as SHARE, Oracle Applications Users Group, and International DB2 Users Group. In a previous life, Joe served as director of the Administrative Management Society (AMS), an international professional association dedicated to advancing knowledge within the IT and business management fields. He is a graduate of Temple University.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
3
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Survey: private cloud may test the limits of internal data security
ypcho 14th Feb 2011
I don't disagree but I think PaaS provider can do better than SMB firms' internal security.
View in thread
0 Votes
+ -
We're not nervous, we're certain
terry flores 11th Feb 2011
There is no way we are going to trust the security of our data or continuity of our business to cloud vendors who do not provide contractual guarantees and audit capability. And so far the cloud vendors are still putting T&C's in front of us that are laughable. Our contracts lawyer took less than a day to review all six responses to and RFP, because he said that none of the vendors were even close to the minimum guarantees we required.

Cloud may be the way that small businesses can do ancillary services like web portals and marketing, but anybody that trusts the cloud with their revenue generating or financial management stuff is betting the fate of the company, and against loaded dice to boot.
0 Votes
+ -
RE: Survey: private cloud may test the limits of internal data security
adaho 11th Feb 2011
It can be intimidating when switching information to a private cloud. There are tons of security concerns no matter the size of the company, and it can become even more complicated as the business becomes larger or more intricate. But keeping track of the information and assuring it stays safe should be most important.

On the security side, it?s great to have the latest encryption tools to assure the information stays protected, but you also need to have the ability to handle all the different tools. And when the private cloud is in place, it might be cheaper, but there?s a lot more information to manage and keep track of, especially when employees access information from anywhere (as opposed to simply the office). So it?s not surprising that so many people see a risk in the private cloud, but if your company has the right security, as well as the tools to manage that security, then the company should stay safe.

Ada, Absolute Software
http://blog.absolute.com/
0 Votes
+ -
RE: Survey: private cloud may test the limits of internal data security
ypcho 14th Feb 2011
I don't disagree but I think PaaS provider can do better than SMB firms' internal security.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix