According to annual cloud-computing surveys conducted by North Bridge Venture Partners, the number of businesses confident in cloud servers and services jumped 37 percent from 2011 to 2012. By 2013, the survey reported that almost two-thirds of businesses were partaking of some type of cloud software service. The cloud is happening now, and it's brought security and audit concerns with it.
Innumerable data-security risks are inherent in cloud services. Companies struggling to integrate cloud servers into industry-compliant processes have a variety of concerns, ranging from the problems involved in managing data online, to the possibility of employees at cloud vendors gaining access to sensitive information. Things are especially difficult for organizations in heavily regulated environments such as healthcare or finance.
According to a UK consultant firm, Ovum, improvements in cloud servers and security are making it possible for businesses in finance to take advantage of the lower costs and productive environment of the cloud. In the United States, however, there are security and audit concerns on all fronts. According to UK information technology expert Nick Booth, the revelations made by former NSA employee Edward Snowden have made some foreign enterprises reluctant to use American cloud servers because of potential threats to information posed by the NSA.
Law enforcement isn't the main concern for many American-based companies. Cloud services open the door to hacks and malicious attacks, putting the onus on technical departments to secure information on an ever-widening field of play. The need for increased and more complex security has opened doors in the technical industry. Threat Stack, a start-up out of Massachusetts, recently reported that it had received over a million dollars in investment funds to launch Cloud Sight, a forensics and intrusion-detection product being designed to protect cloud servers.
Getting the right level of protection for cloud processes is important because industries are increasingly developing oversight into cloud use. Organizations in regulated environments will need to prepare for cloud-based audits, and even standard audits, such as the healthcare industry's Joint Commission process, may delve into security issues related to cloud computing. Even NASA, which moved 140 functions to private-sector cloud resources in 2009, failed a compliance audit. To learn from NASA's failure, organizations should ensure that all points of access to cloud computing are secure, stay up-to-date on regulations, and create in-depth policies and training to manage their use of the cloud, both on and off their premises.
A study from IBM indicates that organizations with high cloud adoption report revenue growth almost double that of their competition, so it's unlikely the security and audit concerns will deter businesses from increasing their cloud dependence in the future. Although the increasing reliance on cloud servers is good news for the technology industry, it does place a higher level of responsibility on those who handle data and system security.
(Photo courtesy of freedigitalphotos.net)