Hard To Keep The Cloud Safe Without Skills

IT managers are finding it difficult to keep their applications and data safe in the cloud, and many are slowing cloud adoption because of it.

That was one of the findings of an Intel cloud security report that surveyed 2,000 IT professionals in different countries and industries last fall.

The issue isn't with the cloud itself, since trust outnumbers distrust for public clouds by more than two to one, according to Intel's survey. IT professionals told Intel that shadow IT and a shortage of cybersecurity skills are causing the most problems.

The study showed that 49% of IT professionals said they have slowed cloud adoption because of a lack of cybersecurity skills, and 65% say shadow IT is interfering with keeping the cloud safe and secure.

"I think people have bought the story that the cloud is a panacea to them," said Dan Olds, an analyst with OrionX. "They think it must be good because the cloud is the hot thing right now. What I've found in my research is that real data center folks aren't that enthusiastic about the cloud, and they don't think it's more secure."

Olds agreed with the survey results that the problem is largely coming from shadow IT, or employees who skirt around their company's IT department to set up applications on their own.

"This problem goes directly back to shadow IT," he said. "You're in a marketing unit and you want a cool application up. Rather than going through IT, you just go out and buy it in the cloud. You're going around IT. That can cause a lot of problems. Companies need to get this under control."

Judith Hurwitz, an analyst with Hurwitz & Associates, said IT shops should pump the brakes when it comes to jumping on to the cloud, and they should think through all of the security implications.

"IT is traditionally skeptical about security issues with the cloud," Hurwitz said. "They are right to reserve judgment. Not all clouds are the same. Some are more secure than others. IT gets the blame if something goes wrong."

And company executives need to make it clear that shadow IT is harmful to the company and won't be tolerated, Olds said.

"First they need real IT to say, 'We will help you,' and then they need to say there will be penalties for going around them," he added. "The penalties need to be significant."

IT needs to take charge of the cloud, especially since the Intel study showed that 62% of the companies surveyed store sensitive customer information in the public cloud.

"Companies might look back and find they've gone too far with the cloud and are paying too much for cloud services they have too little control over," Olds said. "I think companies need to understand all the applications they have on premises and on the cloud, and develop some criteria for what can go out on the public cloud and what should never go out to the public cloud."

The report was released at the RSA security conference in San Francisco.

Computerworld

 

« Robot Monitors in Homes of the Elderly
Facial Recognition Technologies »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Menlo Security

Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

Privacy Analytics

Privacy Analytics

Privacy Analytics enables healthcare organizations to unleash the value of sensitive data for secondary purposes without compromising personal health information.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

oneclick

oneclick

oneclick is a central access and distribution platform in the cloud, enabling the management of the entire technology stack for application provisioning.

CyGlass

CyGlass

CyGlass simply and effectively identifies, detects, and responds to threats to your network without requiring any additional hardware, software, or people.

Brookcourt Solutions

Brookcourt Solutions

Brookcourt Solutions delivers cyber security, network monitoring technologies and managed security services to help secure and protect your organisation’s critical infrastructure.

Northdoor

Northdoor

Northdoor provides a comprehensive set of services around information security and works with leading global technology vendors to deploy and manage cyber security solutions.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

Visernic

Visernic

VISERNIC is a cyber security firm with a team of certified security experts dedicated to protecting organizations from evolving cyber threats.