Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 28th, 2012 in Cloud Computing, Cloud Security by Simply Security | Be the first to comment | Tags: cloud computing, Cloud Security

Businesses must monitor and protect cloud-based storage environments.

The evolution and consumerization of technology has given businesses around the world the ability to leverage innovative tools that can boost performance, efficiency and overall productivity. The advent of social media and other resources has also given decision-makers a unique opportunity to acquire more insight into the consumer landscape by providing them with massive volumes of data about past purchases, buying trends and other important information that can give them a competitive advantage.

The other side of this coin, however, is that many business executives are losing track of their records during the proliferation of big data. A new survey by Varonis revealed that more than two-thirds of respondents either don't know or are unsure where their corporate information resides. As a result, IT departments cannot implement effective data protection tools to keep mission-critical information safe.

Cloud computing contributing to poor data management

As companies gain more knowledge of and understand the benefits of cloud computing, they are leveraging these tools more often. In fact, a new study by Rackspace Hosting found that more than 90 percent of decision-makers now have positive things to say about the cloud.

"Cloud computing is spurring innovation by enabling business users and developers to deploy, configure and adapt faster," Rackspace CTO John Engates said. "The survey confirms the rapid migration to the cloud as IT leaders reap the benefit of spending more time creating and less time configuring."

Unfortunately, all the advantages of the cloud will be lost if an organization loses track of its information hosted in the virtual environments. According to Varonis, 74 percent of decision-makers said they don't have a process for monitoring information that has been migrated to cloud-based storage structures.

The BYOD (bring your own device) phenomenon is also contributing to the adoption of cloud-based file sync services, Varonis noted. If organizations do not implement the proper procedures for leveraging cloud storage environments, the lack of data security could result in vulnerabilities such as inappropriate access to sensitive files and compliance issues.

The survey noted that only 9 percent of respondents' companies have a process for authorizing access to cloud archives, while 23 percent are developing strategies to do so. This means that more than two-thirds of survey respondents either have no plans they are aware of or simply do not have robust access control policies, making information available to anyone who wants it.

"The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data – or plans to do so – and that management doesn't know where enterprise data is stored," Varonis executive David Gibson said. "This should act as a wakeup call for organizations to develop a conscious strategy to ensure secure collaboration as quickly as possible."

Developing a robust cloud security plan

To begin, decision-makers need to establish which cloud solutions are used the most by employees. They can then determine where sensitive information resides, who in the company has access to it and why they are using it, Varonis suggested. In doing so, companies can institute some responsibility within the organization and educate workers how to safely use cloud repositories and keep track of the information stored within these environments.

Once IT executives understand who is accessing sensitive data and why they are doing so, decision-makers can deploy monitoring tools that ensure only authorized individuals are viewing mission-critical information and that they are doing so in a safe manner, Varonis noted. If any vulnerabilities are discovered, IT departments need to immediately patch up the weaknesses to reduce the chances of a breach or exposure.

Businesses also need to have clearly defined policies for data access if they want to minimize risk, a separate CloudTweaks report said. These should indicate roles and responsibilities to ensure all individuals know the repercussions of breaking procedure.

Additionally, the advent of BYOD requires decision-makers to implement endpoint security tools to ensure that smartphones, tablets and other gadgets accessing cloud environments do not inadvertently expose sensitive information, according to Network World.

"The BYOD to work issue is huge because now you have devices you don't own trying to access your data over networks that you don't control," Websense executive Tom Clare said, according to Network World.

If companies want to experience the full benefits of leveraging cloud-based storage environments, decision-makers need to monitor repositories and deploy the proper tools and procedures to safeguard information stored in the hosted structures. Businesses that fail to do so may expose sensitive information, leading to damaged reputations or worse.

Data Security News from SimplySecurity.com by Trend Micro