110 Security Reasons Why the Enterprise Still Fears the Cloud
2Safety of Data Storage
3Your DBaaS Provider Can Access Your Data
An obvious side effect of hosting your data in the cloud is that you cannot control who has physical or logical access to the servers on which your data is stored and processed. About 35 percent of survey respondents identify the idea of a DBaaS provider having access to corporate information as a security deterrent to DBaaS implementations.
4Physical Location of the Production Data and Backup Data
When data is stored in the cloud, the location of the data becomes a big question. Cloud providers maintain physical data centers in multiple geographical locations for reasons of performance and redundancy. This can introduce problems relating to regulatory compliance and internal company policies. About one-third of respondents identified this as a hindrance to moving their databases online.
5External Users Can Access Database
Nearly one-third of survey respondents (31.4 percent) identified external parties having access to their database as a reason to keep their data on-premises. While an organization’s database in the cloud makes it theoretically possible for people anywhere in the world to gain access, the same is true of on-premises solutions.
6DBaaS Regulatory Compliance
Survey respondents believe regulatory compliance in the DBaaS environment is more complex than for traditional, on-premises databases, with 29.4 percent identifying this as a hurdle to DBaaS adoption. However, tools for addressing these kinds of issues in the cloud are available, though not widely adopted yet.
7DDoS and Performance Attacks on the Database
Driven perhaps by media coverage of distributed denial-of-service (DDoS) exploits, 23.5 percent of survey respondents identified performance attacks that cause a database to become slow or unresponsive as a key hindrance to DBaaS adoption. Ironically, this fear may be entirely unfounded. Companies including Google, Microsoft and Amazon are best-equipped to fend off such types of attacks due to their ability to scale their solutions.
8Hidden Sensitive Data
One of the biggest challenges facing IT security teams in large organizations is discovering all the sensitive and regulated data within the organization, such as personally identifiable information (PII). This is true of hosted and on-premise solutions, but 21.6 percent of respondents identified this as a challenge for DBaaS operations to overcome.
9SQL Injection Attacks
SQL injection attacks remain the most prevalent database breach method in use today, and 17.6 percent of respondents identified this type of attack as a reason to stall DBaaS adoption. In an SQL injection attack, malicious SQL statements intended for execution by a database are inserted into an entry field on a Website. One possible result is that the server will expose data from the database that it should never return.
10Data Theft by Authorized Users
Seventeen percent of survey respondents said that data theft by authorized users is a reason to stall DBaaS installations. This concern should be recognized in both on-premises and cloud databases. DBAs, software developers, quality assurance personnel and others (whether employees or external partners) frequently require extensive access to databases to perform their roles.
11Neighbor Tenants Can Access Your Data
Sixteen percent of survey respondents believe that a neighbor tenant gaining access to their database is a key reason to stall DBaaS adoption. There have been publicized instances in which cloud-hosted applications and databases using resources that are shared by multiple customers, or tenants, have inadvertently or maliciously been accessed. That said, most recognizable and reputable providers of DBaaS have adequately eliminated this concern.