10 Security Reasons Why the Enterprise Still Fears the Cloud

Despite advantages in cost, scalability and flexibility, enterprise companies still are dubious about using cloud services. Here are 10 reasons why.

The single biggest concern indicated by participants is “safety of the data” (40 percent of respondents). This may indicate a certain level of fear, uncertainty and doubt (FUD), since it is generally accepted that cloud implementations can be safer than on-premises solutions.

An obvious side effect of hosting your data in the cloud is that you cannot control who has physical or logical access to the servers on which your data is stored and processed. About 35 percent of survey respondents identify the idea of a DBaaS provider having access to corporate information as a security deterrent to DBaaS implementations.

When data is stored in the cloud, the location of the data becomes a big question. Cloud providers maintain physical data centers in multiple geographical locations for reasons of performance and redundancy. This can introduce problems relating to regulatory compliance and internal company policies. About one-third of respondents identified this as a hindrance to moving their databases online.

Nearly one-third of survey respondents (31.4 percent) identified external parties having access to their database as a reason to keep their data on-premises. While an organization’s database in the cloud makes it theoretically possible for people anywhere in the world to gain access, the same is true of on-premises solutions.

Survey respondents believe regulatory compliance in the DBaaS environment is more complex than for traditional, on-premises databases, with 29.4 percent identifying this as a hurdle to DBaaS adoption. However, tools for addressing these kinds of issues in the cloud are available, though not widely adopted yet.

Driven perhaps by media coverage of distributed denial-of-service (DDoS) exploits, 23.5 percent of survey respondents identified performance attacks that cause a database to become slow or unresponsive as a key hindrance to DBaaS adoption. Ironically, this fear may be entirely unfounded. Companies including Google, Microsoft and Amazon are best-equipped to fend off such types of attacks due to their ability to scale their solutions.

One of the biggest challenges facing IT security teams in large organizations is discovering all the sensitive and regulated data within the organization, such as personally identifiable information (PII). This is true of hosted and on-premise solutions, but 21.6 percent of respondents identified this as a challenge for DBaaS operations to overcome.

SQL injection attacks remain the most prevalent database breach method in use today, and 17.6 percent of respondents identified this type of attack as a reason to stall DBaaS adoption. In an SQL injection attack, malicious SQL statements intended for execution by a database are inserted into an entry field on a Website. One possible result is that the server will expose data from the database that it should never return.

Seventeen percent of survey respondents said that data theft by authorized users is a reason to stall DBaaS installations. This concern should be recognized in both on-premises and cloud databases. DBAs, software developers, quality assurance personnel and others (whether employees or external partners) frequently require extensive access to databases to perform their roles.

Sixteen percent of survey respondents believe that a neighbor tenant gaining access to their database is a key reason to stall DBaaS adoption. There have been publicized instances in which cloud-hosted applications and databases using resources that are shared by multiple customers, or tenants, have inadvertently or maliciously been accessed. That said, most recognizable and reputable providers of DBaaS have adequately eliminated this concern.