Actu
CRYPTOCard survey: 80% of businesses recognise changing security risks as adoption of cloud-based IT solutions increases, yet most have yet to respond effectively
January 2010 by CRYPTOCard
Cloud-based services are fast becoming established as a credible alternative to existing server-based IT solutions across businesses of all sizes. Yet in the drive to achieve the cost and efficiency benefits which hosted technologies can undoubtedly deliver, too many organisations are failing to recognise the new security risks they face and take the necessary steps to provide adequate password protection.
These are among the main findings of a major survey of senior IT staff across UK manufacturing and service businesses undertaken on behalf of CRYPTOCard.
More than 21% of respondents confirmed that cloud computing already forms part of our IT infrastructure or trials are already underway, with a further 27% likely to have a solution in place within the next six months. “This is a very positive vote of confidence in technology that has taken 10 years to hit the mainstream,” believes CRYPTOCard CEO, Neil Hollister, “especially in a tough economic climate in which businesses are less likely to undertake any IT investment. The financial benefits of reduced on-going costs and flexibility are really coming to the attention of the astute business leader.”
More worryingly however, for two thirds of respondents, little or no consideration has gone into evaluating and mitigating the risks associated with cloud-based services with regard to network security, application security or access control, for example.
“It is clear that, in the rush to jump on the wave of Cloud hype, businesses still have a long way to go in identifying and dealing with a new set of network security challenges,” Hollister says.
“The good news however is that some simple steps can be taken here - and cloud-based alternatives to risky traditional passwords are providing fully-effective yet affordable strong password protection for any organisation’s hosted applications.”
Information Security teams unempowered
In other key survey findings:
· Of those respondents who expressed an opinion, 77% agreed that cloud computing helps the company react quickly to changing market conditions, 91% that it allows us to rapidly increase capacity and capability and 75% that it reduces up front costs
· 78% of business owners and 86% of IT departments strongly or very strongly influence the budget for cloud computing applications
· By contrast, in 38% of businesses, the Information Security teams have little or no influence on the cloud computing budget.
“This strong involvement of the strategic business owners in the investment decision, together with the depth of understanding of the real benefits which can be achieved by organisations of any size, both reinforce the view that cloud computing is not just another an over-hyped technology development but is here to stay,” believes Hollister.
“At the same time, it is both extraordinary and frightening that the one team that should have the clearest understanding of the related risks - namely the Information Security department - has the least involvement on the business’s decision-making.”
Passwords and the cloud
· Overall, 36% of IT staff recognised that cloud computing presents a greater risk to information security than in-house computing, with a further 44% confirming that it presents a different risk
· However, typically two-thirds of respondents were unaware of whether or not the business was using individual applications such as Hotmail, Twitter or Google Mail and if these were being used on a cloud- or in-house basis. “This confirms that businesses are using the cloud without evening realising it,” says Hollister. “In doing so, they are unlikely to have the appropriate security measures in place, so exposing themselves to risk.”
Yet for Hollister, overall the responses are encouraging. “Companies are starting to recognise that cloud computing presents them with a different sort of risk, an issue which must be addressed if the momentum in adopting this exciting new technology is to be maintained,” he believes.
“Yet if IT teams don’t have comprehensive visibility and control over what applications are in use across the business and how they are implemented, how can they ensure the network is properly secured? The chances are therefore that too often they will continue to use simple password protection, which is woefully inadequate.
“Different security challenges demand different responses, and here the latest cloud-based password solutions will provide the highest possible level of network protection for cloud –based applications in businesses both large and small.”
