Hard To Keep The Cloud Safe Without Skills

IT managers are finding it difficult to keep their applications and data safe in the cloud, and many are slowing cloud adoption because of it.

That was one of the findings of an Intel cloud security report that surveyed 2,000 IT professionals in different countries and industries last fall.

The issue isn't with the cloud itself, since trust outnumbers distrust for public clouds by more than two to one, according to Intel's survey. IT professionals told Intel that shadow IT and a shortage of cybersecurity skills are causing the most problems.

The study showed that 49% of IT professionals said they have slowed cloud adoption because of a lack of cybersecurity skills, and 65% say shadow IT is interfering with keeping the cloud safe and secure.

"I think people have bought the story that the cloud is a panacea to them," said Dan Olds, an analyst with OrionX. "They think it must be good because the cloud is the hot thing right now. What I've found in my research is that real data center folks aren't that enthusiastic about the cloud, and they don't think it's more secure."

Olds agreed with the survey results that the problem is largely coming from shadow IT, or employees who skirt around their company's IT department to set up applications on their own.

"This problem goes directly back to shadow IT," he said. "You're in a marketing unit and you want a cool application up. Rather than going through IT, you just go out and buy it in the cloud. You're going around IT. That can cause a lot of problems. Companies need to get this under control."

Judith Hurwitz, an analyst with Hurwitz & Associates, said IT shops should pump the brakes when it comes to jumping on to the cloud, and they should think through all of the security implications.

"IT is traditionally skeptical about security issues with the cloud," Hurwitz said. "They are right to reserve judgment. Not all clouds are the same. Some are more secure than others. IT gets the blame if something goes wrong."

And company executives need to make it clear that shadow IT is harmful to the company and won't be tolerated, Olds said.

"First they need real IT to say, 'We will help you,' and then they need to say there will be penalties for going around them," he added. "The penalties need to be significant."

IT needs to take charge of the cloud, especially since the Intel study showed that 62% of the companies surveyed store sensitive customer information in the public cloud.

"Companies might look back and find they've gone too far with the cloud and are paying too much for cloud services they have too little control over," Olds said. "I think companies need to understand all the applications they have on premises and on the cloud, and develop some criteria for what can go out on the public cloud and what should never go out to the public cloud."

The report was released at the RSA security conference in San Francisco.

Computerworld

 

« Robot Monitors in Homes of the Elderly
Facial Recognition Technologies »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

RSA Conference

RSA Conference

RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information.

Barracuda

Barracuda

Barracuda provides a comprehensive cybersecurity platform to protect organizations from all major attack vectors that are present in today’s complex threats.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Phirelight Security Solutions

Phirelight Security Solutions

Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

Cyber Security Specialists

Cyber Security Specialists

Cyber Security Specialists Limited provide Security services across a wide range of markets, from multi-national Corporate Organisations and Government Agencies, through to smaller Businesses.

Trusted Objects

Trusted Objects

Trusted Object's mission is to provide state of the art security solutions and services enabling a strong root of trust for the IoT ecosystem.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Humming Heads

Humming Heads

Humming Heads offers a complete solution to fight the advanced threats that target a company's endpoints and servers.

WebOrion

WebOrion

WebOrion is an All-in-One Web Security & Performance Suite. Fortify, accelerate and monitor your website today.

Private Client Cyber Security (PCCS)

Private Client Cyber Security (PCCS)

PCCS provides enterprise-grade cybersecurity consulting and services to professional practices, executives, athletes, and high net worth families.

WiebeTech

WiebeTech

WiebeTech’s line of digital forensics tools provide innovative and rugged devices for efficient disk imaging and evidence capture.

Regtank Technology

Regtank Technology

Regtank is a one-stop compliance solution for fintechs, navigating compliance, security and risk management.

Telindus

Telindus

Telindus is the strategic IT partner for the flexible organization of the future. We build optimal IT infrastructure with four components: networking, cloud, cybersecurity and data & AI.

Sensity

Sensity

Sensity is a company that offers an AI-driven solution to detect and verify deepfakes and other forms of identity fraud.

Argantic

Argantic

Argantic aims to help organisations thrive and reach their full potential in a modern cloud-centric era.