Cloud adoption carries big risks for companies

Corporations love the cloud. It's easy, it's everywhere, and it keeps costs down. In fact, recent surveys of information technology professionals by 451 Research, Forrester Research, and the Society for Information Management all suggest they like it so much that they're willing to behave in very dangerous ways to use it.

The 451 survey tells us that CIOs worry about security. The Forrester one suggests that despite these worries, more and more of these companies are taking part in risky cloud behavior. And the SIM one reveals that executives controlling the IT purse strings just don't care.

The problem with the cloud, or at least the problem with the public version of the cloud, is that it's not secure. Hackers, be they criminals or government agents in the NSA, would have to physically steal a hard drive to get locally stored data. They have no such problems accessing cloud services.

CIOs and IS departments know this, and they all pay homage to the importance of security. But they still keep important information in the public cloud--mostly Amazon's, although Microsoft and Google have good size pieces of the market as well. As Matt Asay stated in a ReadWrite article, "Put simply, the increased agility of cloud computing trumps its many drawbacks, including security."

That's asking for trouble. Data in the public cloud is an easy step away from being public data.

It's not as if CIOs are unaware of the security dangers. Asay quotes the 451 Research survey, not available to the public, that suggests that technology professionals are aware of the danger. A full 69 percent of those surveyed identified themselves as highly concerned about security. By comparison, only 45 percent have high concerns about compliance, 25 percent about cost, and a mere 23 percent about employees with a lack of expertise.

Of course, that 69 percent leaves almost of third of those surveyed with only medium or low levels of concern. That  may help explain why, according to the Forrester survey, 40 percent of organizations are already storing company information in public cloud services. That number could easily pass 50 percent next year.

There is a better solution, of course. A private cloud behaves much like a public one, only it's entirely in the company's control, and behind the company's firewall. It's safe and secure, but is available in any location with an Internet connection--but only to people who have permission to use it.

Yes, a private cloud is more expensive to set up. You have to buy the hardware, and in a business environment, someone will have to be paid to maintain it. But in the long run, a private cloud will likely save a company money. If public storage results in a security breach, it can save a great deal of money.

Unfortunately, many organizations are just not willing to spend what it takes to be secure.  According to a Computerworld article by Bob Brown, describing the SIM report, "security accounts for the 14th largest IT investment at organizations, [despite it being] the No.2 biggest worry for IT leaders." In other words, CIOs worry about security, but the CEOs they report to do not. Considering the revelations described in Executive bad habits, including porn, endanger corporate security, that shouldn't surprise anybody.

Subscribe to the Security Watch Newsletter