According to a new survey, “rogue” clouds were deployed in 77 percent of businesses last year, causing exposure of confidential information in 40 percent of them.
These rogue clouds – public cloud applications not managed by or integrated into the company’s IT infrastructure – are one threat faced by companies as they continue to try to adapt to new cloud technologies.
“Avoiding the Hidden Costs of Cloud 2013 Survey”, a new report from digital security firm Symantec, found that more than 90 percent of the organizations polled are at least discussing cloud (up from 75 percent a year ago) but many are facing security risks from rogue clouds. They may also face substantial fines from complex backup and recovery solutions, unreliable compliance and eDiscovery, and inefficient cloud storage.
Rogue clouds are sometimes the symptom of an IT department that’s unwilling or unable to provide approved cloud-based tools and capabilities to employees. They can place sensitive business information in a position where it could be compromised. In a quarter of cases, this has led to theft, account takeover and even defacement of web properties.
Organizations often now have a combination of physical, virtual and cloud storage that can be very complicated when it comes to backup and recovery. More than two-thirds of enterprises surveyed are using three or more solutions to back up their data. More than 40 percent of businesses have lost data in the cloud, and their backups would take three days or longer to recover, and fail in two out of three cases.
Compliance and eDiscovery are two areas that are also sometimes given “second order” priority. According to the Symantec survey, 23 percent of organizations were fined for privacy violations in the cloud last year, and one-third have received eDiscovery requests for cloud information in the past 12 months. Two-thirds of those receiving requests missed their deadlines, potentially leading to fines or compromised legal positions.
Cloud storage provides the advantage of flexibility and the ability to only pay for storage that’s used. But, according to the survey, only 17 percent of businesses polled are using cloud storage, and half say little to none of their data is deduplicated, meaning that they’re paying to store identical data.
The survey also showed that managing the SSL certificates used to protect the data in transit within an organization was a highly complex task. Just 27 percent rate cloud SSL certificate management as easy and only 40 percent are certain their cloud partner’s certificates are in compliance with corporate standards.
In a related Symantec blog post, Dave Elliott notes that careful planning, implementation and management can mitigate the costly risks explored in the study. He recommends focusing policies on information and people, not technologies or platforms; educating, monitoring and enforcing policies; embracing platform-agnostic tools; and deduplicating cloud data.
It seems that many businesses will have to heed this advice to make sure their clouds don’t lead to data breaches and fines.