Hard To Keep The Cloud Safe Without Skills

Uploaded on 2017-02-21 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News

IT managers are finding it difficult to keep their applications and data safe in the cloud, and many are slowing cloud adoption because of it.

That was one of the findings of an Intel cloud security report that surveyed 2,000 IT professionals in different countries and industries last fall.

The issue isn't with the cloud itself, since trust outnumbers distrust for public clouds by more than two to one, according to Intel's survey. IT professionals told Intel that shadow IT and a shortage of cybersecurity skills are causing the most problems.

The study showed that 49% of IT professionals said they have slowed cloud adoption because of a lack of cybersecurity skills, and 65% say shadow IT is interfering with keeping the cloud safe and secure.

"I think people have bought the story that the cloud is a panacea to them," said Dan Olds, an analyst with OrionX. "They think it must be good because the cloud is the hot thing right now. What I've found in my research is that real data center folks aren't that enthusiastic about the cloud, and they don't think it's more secure."

Olds agreed with the survey results that the problem is largely coming from shadow IT, or employees who skirt around their company's IT department to set up applications on their own.

"This problem goes directly back to shadow IT," he said. "You're in a marketing unit and you want a cool application up. Rather than going through IT, you just go out and buy it in the cloud. You're going around IT. That can cause a lot of problems. Companies need to get this under control."

Judith Hurwitz, an analyst with Hurwitz & Associates, said IT shops should pump the brakes when it comes to jumping on to the cloud, and they should think through all of the security implications.

"IT is traditionally skeptical about security issues with the cloud," Hurwitz said. "They are right to reserve judgment. Not all clouds are the same. Some are more secure than others. IT gets the blame if something goes wrong."

And company executives need to make it clear that shadow IT is harmful to the company and won't be tolerated, Olds said.

"First they need real IT to say, 'We will help you,' and then they need to say there will be penalties for going around them," he added. "The penalties need to be significant."

IT needs to take charge of the cloud, especially since the Intel study showed that 62% of the companies surveyed store sensitive customer information in the public cloud.

"Companies might look back and find they've gone too far with the cloud and are paying too much for cloud services they have too little control over," Olds said. "I think companies need to understand all the applications they have on premises and on the cloud, and develop some criteria for what can go out on the public cloud and what should never go out to the public cloud."

The report was released at the RSA security conference in San Francisco.

Computerworld

 

« Robot Monitors in Homes of the Elderly
Facial Recognition Technologies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

GigaOm

GigaOm

GigaOm's mission is to provide enterprises with information and analysis to help them make better decisions about technology.

CyberPolicy

CyberPolicy

CyberPolicy is a cyber protection solution for small businesses. It combines three important components against cyber threats - Cyber Plan, Cybersecurity and Cyber Insurance.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

Flipside

Flipside

Information Security training provider specialized in personalized training and security awareness campaigns.

CertiPath

CertiPath

CertiPath create products and services that ensure the highest levels of validation for digital identities that attempt to access customers’ networks.

DKBInnovative

DKBInnovative

DKBinnovative is a best-practice driven IT management firm that provides secure, reliable IT solutions to productivity-focused clients around the globe.

SkyePoint Decisions

SkyePoint Decisions

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Cynalytica

Cynalytica

Cynalytica deliver pioneering cybersecurity and machine analytics technologies that help protect critical infrastructure, securely enable Industry 4.0 and help accelerate digital transformation.

Harbor Networks

Harbor Networks

Harbor Networks is a communications systems integrator and managed services provider. We provide business consultation services for voice and data communication technology.

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

Scybers

Scybers

Scybers are a global cybersecurity advisory and managed services company. With our deep expertise, we help our clients reduce their cyber risks with confidence.

SecurityStudio

SecurityStudio

SecurityStudio is a continuous cybersecurity risk management platform that allows decision-makers to quickly identify the most immediate threats and make confident risk informed decisions.

Vultara

Vultara

Vultara provides web-based product security risk management tools for electronics manufacturers.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.