Security Risks Impact Even Businesses That Stay Out of the Cloud

By Robert J. Mullins  |  Posted 2012-06-14 Print this article Print

The COO of the Cloud Security Alliance warned attendees of a cloud computing conference that businesses are mistaken if they say they don’t use the cloud because individual employees may be doing it on their own.

SANTA CLARA, CALIF.€”There€™s a lot that businesses still have to ask their cloud service providers before signing up for service, especially about how secure their cloud environment is, the chief operations officer of the Cloud Security Alliance said at a cloud conference here.

John Howie explained the security risks associated with cloud computing and the ways businesses can protect themselves and their data at the Cloud Leadership Forum held June 13 and 14. Howie warned that some cloud providers actually turn around and have customer workloads managed by yet another cloud provider. He also warned against using free consumer-grade cloud services for enterprise-grade computing.

The Cloud Security Alliance is a nonprofit organization that provides free information to its membership of 150 companies and 35,000 individuals on how to choose cloud services€“private, public or hybrid€“wisely and with a focus on data security in the cloud.

Howie sought to dispel the notion that the IT department or other managers can claim that they don€™t need to worry about cloud security because they don€™t use cloud services. Typically, individual employees subscribe to cloud services on their own. He gave the example of a businessman he met who was on the phone and couldn€™t send an email because the size of the attached file was too large. The man said he would upload it to DropBox, a cloud-based file-sharing service, instead.

€œYou use DropBox?€ Howie asked the man. €œ€™Well, not officially,€™€ came the reply. €œThat€™s what you€™re finding in your organizations today.€

There€™s another reason to avoid consumer-oriented cloud file-sharing or storing services such as DropBox, Google Drive or Microsoft SkyDrive, he continued. They are free because they€™re advertising-supported and they index the user data to glean information from it on what ads to deliver.

€œThey are probably indexing your data, not because they want to know what your data is at a human level,€ Howie explained. €œBut at the machine level, they want to know what advertisements to send to you to increase the click-through.€

It may be harmless enough for consumers to have their data indexed but an enterprise should not take that risk. There are paid file-sharing services that are better designed for enterprise users and their important security needs.

A related issue is how businesses can remain compliant with government and industry regulations for the security and privacy of company data in the cloud. Not only are there varying regulations on the state and federal level in the United States, there are myriad regulations globally and, increasingly, both companies and cloud service providers operate globally. What regulations a company has to comply with depends on where the cloud service provider€™s data centers are located as well as where the company€™s data centers are located, Howie said.

Robert Mullins is a freelance writer for eWEEK who has covered the technology industry in Silicon Valley for more than a decade. He has written for several tech publications including Network Computing, Information Week, Network World and various TechTarget titles. Mullins also served as a correspondent in the San Francisco Bureau of IDG News Service and, before that, covered technology news for the Silicon Valley/San Jose Business Journal. Back in his home state of Wisconsin, Robert worked as the news director for NPR stations in Milwaukee and LaCrosse in the 1980s.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel