What has the cloud ever done to you? General enthusiasm for moving huge tranches of private, sensitive company data onto the public cloud seems to wax and wane. It waxes as prices drop, new pay-as-you-go business plans emerge and new SaaS products go online, and it wanes when the media cover an Ashley Madison or a TalkTalk hack – and there have been plenty of those in 2015.
Security concerns remain the most common reason for businesses avoiding public cloud services, but providers like AWS, Microsoft, Google and IBM insist that their clouds are safe. That only leaves one weak link – the people who work for the businesses that use them. If the cloud isn't as safe as it should be, it's your fault.
The public cloud's weakest link
According to analysts at Gartner, 95% of cloud security failures by 2020 will be the customer's fault. "Only a small percentage of the security incidents impacting enterprises using the cloud have been due to vulnerabilities that were the provider's fault," says Gartner's report Top Strategic Predictions for 2016 and Beyond: The Future Is a Digital Thing.
Though it points out that organisations shouldn't assume that using a cloud service is secure, it also underlines the fact that the parts of the cloud stack under the control of users puts the whole concept at risk.
"Cloud computing [is] a highly efficient way for naive users to leverage poor practices, which can easily result in widespread security or compliance failures," it reads. Cue the growing market for public cloud control tools – Gartner predicts that by 2018 over half of all companies employing over 1,000 people will use cloud access security broker products to monitor and manage their use of the public cloud and SaaS.
How concerned are companies?
Data security is one of the major reasons why some companies are wary of jumping on the bandwagon. "Comprehensive network security is vital to any business, and public cloud services simply don't offer the appropriate levels of protection afforded by a private network solution," says Stephen Donovan, Marketing Manager at AVR International, which provides specialist IT security and mobility solutions.
He continues: "In our experience, companies are wary of public cloud services because they lack the key preventative measures required to adequately protect sensitive corporate data and information – thus making them an insecure platform on which to operate long-term."
If, however, users implement a combination of efficient authentication processes with the appropriate IT security software, it is possible to protect and secure data on a fully public cloud service.
The fuss over PRISM in 2014 and the abolition of the Safe Harbour Agreement were huge media events with a long-term impact. "They have influenced the public opinion and drastically increased company concerns when it comes to the security of public cloud services," says Sandra Adelberger, director of product marketing at on-premises and cloud software company Acronis. "But on the other hand, more and more businesses realise that they need to leverage cloud as it can bring huge benefits to them in multiple ways."