Hard To Keep The Cloud Safe Without Skills

Uploaded on 2017-02-21 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News

IT managers are finding it difficult to keep their applications and data safe in the cloud, and many are slowing cloud adoption because of it.

That was one of the findings of an Intel cloud security report that surveyed 2,000 IT professionals in different countries and industries last fall.

The issue isn't with the cloud itself, since trust outnumbers distrust for public clouds by more than two to one, according to Intel's survey. IT professionals told Intel that shadow IT and a shortage of cybersecurity skills are causing the most problems.

The study showed that 49% of IT professionals said they have slowed cloud adoption because of a lack of cybersecurity skills, and 65% say shadow IT is interfering with keeping the cloud safe and secure.

"I think people have bought the story that the cloud is a panacea to them," said Dan Olds, an analyst with OrionX. "They think it must be good because the cloud is the hot thing right now. What I've found in my research is that real data center folks aren't that enthusiastic about the cloud, and they don't think it's more secure."

Olds agreed with the survey results that the problem is largely coming from shadow IT, or employees who skirt around their company's IT department to set up applications on their own.

"This problem goes directly back to shadow IT," he said. "You're in a marketing unit and you want a cool application up. Rather than going through IT, you just go out and buy it in the cloud. You're going around IT. That can cause a lot of problems. Companies need to get this under control."

Judith Hurwitz, an analyst with Hurwitz & Associates, said IT shops should pump the brakes when it comes to jumping on to the cloud, and they should think through all of the security implications.

"IT is traditionally skeptical about security issues with the cloud," Hurwitz said. "They are right to reserve judgment. Not all clouds are the same. Some are more secure than others. IT gets the blame if something goes wrong."

And company executives need to make it clear that shadow IT is harmful to the company and won't be tolerated, Olds said.

"First they need real IT to say, 'We will help you,' and then they need to say there will be penalties for going around them," he added. "The penalties need to be significant."

IT needs to take charge of the cloud, especially since the Intel study showed that 62% of the companies surveyed store sensitive customer information in the public cloud.

"Companies might look back and find they've gone too far with the cloud and are paying too much for cloud services they have too little control over," Olds said. "I think companies need to understand all the applications they have on premises and on the cloud, and develop some criteria for what can go out on the public cloud and what should never go out to the public cloud."

The report was released at the RSA security conference in San Francisco.

Computerworld

 

« Robot Monitors in Homes of the Elderly
Facial Recognition Technologies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

The Hacker News (THN)

The Hacker News (THN)

THN is a leading source for Information Security, Hacking News, Cyber Security, Network Security with in-depth technical coverage of issues and events

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

High Sec Labs (HSL)

High Sec Labs (HSL)

High Sec Labs develops high-quality, cyber-defense solutions in the field of network and peripheral isolation.

Mission Secure (MSi)

Mission Secure (MSi)

MSi is a specialized provider of next generation cyber defense solutions protecting control systems and critical physical assets in energy, transportation and defense.

Altron

Altron

Altron provides locally relevant innovative and integrated ICT solutions to business, government and consumers.

Bellvista Capital

Bellvista Capital

Bellvista Capital connects entrepreneurs with capital and unmatched business expertise in the technology areas of Cloud Computing, Cyber Security and Data Analytics.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

Cyvatar

Cyvatar

Cyvatar is a technology-enabled cyber security as a service (CSaaS) provider delivering smarter managed security to help you achieve compliance and security faster and more efficiently.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

Clearnetwork

Clearnetwork

Clearnetwork specializes in managed cybersecurity solutions that enable both public and private organizations improve their security posture affordably.

InfoSec Brigade

InfoSec Brigade

InfoSec Brigade offers a suite of specialized solutions that help businesses to mitigate risk by integrating cyber and IT security protocols with business goals.

Intelidata Techedge Pvt. Ltd.

Intelidata Techedge Pvt. Ltd.

Intelidata are a Global Cyber Security Consultancy and Services firm that helps companies drive growth by minimizing risk and maximizing potential.

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre is the jurisdiction's Cyber Emergency Response Team (CERT) and national technical authority for cyber security.

Xcede

Xcede

Xcede are global technology recruitment specialists. We connect companies with exceptional professionals who empower growth.