Increase in cloud adoption raises security concerns
The growth in cloud computing has been explosive. In 2010, the cloud computing industry was estimated to be worth $37 billion; by the end of 2015, the global cloud market is expected to reach $121 billion.
This increase in cloud adoption is a trend set to continue, with 64% of companies saying they expect to increase spending on cloud technologies by 15% this year.
Larger enterprises are responsible for driving much of this growth. Whereas previously larger organizations may have been reluctant to invest in cloud infrastructure because of concerns over security, the advancements in cloud technology are finally beginning to convince them that the cloud can be safe – if implemented correctly. More than 50% of organizations still cite that security in the cloud is a concern, and that cloud service providers need to be able to meet their security and compliance requirements before implementing cloud services. Other reasons for not adopting cloud services and solutions are concerns surrounding implementation, and concerns about information governance.
In a study conducted by IDG Enterprise, businesses rank cost cutting as the most important factor when investing in cloud computing, whereas meeting security, privacy or compliance goals was ranked as the least important.
While this may be down to IT professionals seeing cloud and security technologies as two completely separate projects, data security should never be an afterthought when considering the move to the cloud.
Furthermore, for the organizations that took part in the study, the most significant increases in spending over the next 12 months were expected to be in security (46%) and cloud (42%). If investment in cloud and security are both set to increase, organizations need to ensure they select a reliable vendor that is able to deliver on both. Investment must be made in suitably secure platforms.
Organizations may be right to be concerned about the security of data stored in the cloud. Some of the top companies deploying cloud technologies, such as Yahoo, Gmail and PayPal are still not encrypting data at rest – and they are not alone. In a report published by Skyhigh earlier this year, 89% of cloud services do not encrypt data stored at rest either.
Cloud services that allow for increased productivity through collaboration and mobility are often where data security concerns are raised. Many organizations using these technologies, such as cloud file sharing platforms, are unaware of the risks, wrongly assuming that their data is completely secure in the cloud.
While the front end of the majority of these platforms are robust, unencrypted stored data, and data that is not encrypted during transmission, leaves organizations vulnerable to hackers. Many of these platforms only deploy server-side encryption, rather than an end-to-end solution. Cloud services using server-side encryption store the keys to those files on their own servers, meaning if a hacker gets access to those servers, they can also decrypt those files.
End-to-end encryption ensures that the files are encrypted not only en-route, but also before and after a file arrives at its destination. Sensitive data needs to be encrypted both during transmission and at rest, and appropriate access control mechanisms need to be implemented so that organizations have full visibility and control over who accesses information; including the ability to restrict and remove access rights of individuals that have left the company.
At Scrypt our secure cloud solutions offer a safe way of sharing and storing files, using multi-factor authentication and end-to-end encryption. To find out how our solutions can help your organization take the leap into using cloud services, get in touch with a member of our team today.