Security in enterprise-class cloud computing has been a hotly debated issue over the past many years. The Next Web said even though there are many fears of the technology, the biggest worry may come from the human factor at work within the enterprise cloud.
"IT departments are understandably cautious about moving mission-critical applications to the cloud, due to fears about security, downtime and control," Rich Quick wrote on the website. "However, other departments in the same company may already be signing up to cloud services, without even involving the IT department."
According to statistics from a recent 451 Research report, 30 percent of corporate IT decision makers said cloud security is their biggest pain point. Just 34 percent of business leaders involved IT in choices related to the cloud procurement process, and only 29 percent involve them in deploying the technology. This can be dangerous, Quick said, as it makes it more likely that security audits are not part of the process and less safeguards are put in place.
Tech journalist and IT training consultant Les Pounder told Quick that a good policy for cloud security is essential and should involve department heads. There should first be a review of how work is accomplished at the organization. This should in turn be used to develop how security is tested in the cloud. If there are holes that need to be addressed, companies should do so as quickly as possible to ensure no issues pop up.
Feelings on security improving
According to a recent study from the Ponemon Institute and CA Technologies, there are improved practices and feelings toward the enterprise cloud's level of security. While there are still concerns, 50 percent of those polled gave a positive response when asked about the cloud's level of security. Although this leaves half of the organizations surveyed as less than confident, it is most certainly a step in the right direction.
"Confidence in and best practices for the security of cloud computing is improving but not as significantly as one might have expected since our 2010 study," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "Our latest study offers organizations new data that should spark them to examine their own internal practices which could result in improvements in how they adopt and secure cloud services and applications."
Guarding data sent online
Pounder said with any sort of IT or cloud environment, there is an inherent risk to sending data over the Internet.
"The main challenge is data security over a public Internet connection," Pounder said, according to Quick. "Your cloud, and internal network will have security policies in place to minimize the risk of data theft, but between the two, is the vast public Internet. One common method is to use a Virtual Private Network, which offers an encrypted tunnel between the two."
Andrew Taylor of Sage U.K. said this problem is one that should already be understood, as there were teams trying to secure transmissions before the cloud came into prominence. Quick said IT needs to reduce uncertainty in this area and be sure they have a way to safely send and receive information over the cloud.