There is plenty of evidence stating that more companies are moving to the cloud. Likewise, there are many reports around why companies have yet to adopt it into their enterprise mobility strategy. For example, one report from Cloud Security Alliance (CSA) revealed that 60% of companies who have yet to move to the cloud are hesitant due to cloud security and privacy concerns. Instead, they are opting for on-premise deployment systems.
Can you blame those companies who are hesitant? In the last couple of years, there have been reports of data breaches related to the cloud. For example, the data leak that got the most attention was the iCloud photo scandal that happened back in August of 2014. Celebrities such as Jennifer Lawrence and Olympic gymnast McKayla Maroney had their personal photos leaked for the entire public to see. But is the general public really getting the whole story?
The answer is no.
In fact, as Marc Clark stated in a recent Forbes article, “When one thinks about data breaches, not a single breach that comes to mind was actually a cloud breach.” It’s important to recognize that the celebrity photo hacks were successful because they were “very targeted” attacks. Hackers aimed their sights at specific celebrities. They were able to guess their usernames and passwords in order to gain access to these personal photos—it was not the iCloud technology, itself, that was hacked.
So, if usernames and passwords are the problem with cloud-related hacks then are we, the users, the problem that is threatening the reputation of the cloud? Unless we take every security precaution that the cloud provides to us, then yes, maybe we are the problem.
After the celebrity photo hack scandal, Mashable released an article that discussed the security measures users should take in order to increase their iCloud security. The article recommends the following:
- Use secure, unique passwords for all accounts and devices
- Use two-factor authentication when available
- Enable locks and passwords on computer and phone accounts
- Run the latest version of an operating system
Clark makes an excellent point when he states that companies that are concerned about cloud security might actually have concerns about control. With an on-premise system, they are solely responsible for their data and content. Their reasoning for staying with an on-premise system is that if it hasn’t slipped up yet, why switch?
Clark and my rebuttal to the “if it ain’t broken, don’t fix it” mentality is the following question: Does location equal security? When money is hidden under my mattress, I have the most control over it. But I would feel much safer with my money in the bank where I can ensure its security. I don’t have the same resources as the bank to keep my money safe.
My point? Protection of content, information, and data is a cloud provider’s main mission. Cloud providers don’t invest in security and privacy just because it is something that is important to their customers. The bottom line is, security and protection is what their entire business revolves around. If a cloud provider experiences a security breach, their entire business mission would be questioned. The trust would be lost and extremely difficult to get it back. This is why cloud providers make security their top priority.
Let’s be clear—I am not saying that every single cloud provider makes every effort required for data security. I am not able to say that all cloud providers have bullet-proof security walls that will never get hacked into. However, I do think that companies should consider that they may be resisting the cloud not because of security, but control over their data.
Key Takeaway: Do your research before committing to a cloud provider and make sure they can truly protect your data better than you can. It’s time to stop assuming that the cloud is a less secure place than your on-premise system. After all, you know what happens when you assume.
Has your company moved to the cloud? Do you still have security and privacy concerns? Let us know!
Comments are closed.