Symantec survey examines increase in “rogue clouds”
A new research report from Symantec has warned against the use of ‘rogue’ clouds for best practice.
The survey, entitled ‘Avoiding the Hidden Costs of Cloud’, spoke to IT execs at 3,236 organisations across nearly 30 countries worldwide and found that there was a link between using rogue clouds and losing confidential information, resulting in hidden costs.
A rogue cloud is one which is unauthorised, or as Symantec put it, “business groups implementing public cloud applications that are not managed by or integrated into the company’s IT infrastructure.”
In a related blog post, Symantec came up with four tips to ensure avoiding these cost traps:
- Focus cloud policies on information and people rather than technologies and platforms
- Educate, monitor and enforce policies
- Embrace platform-agnostic tools
- Remove all duplicate data in the cloud
The results of the survey showed that rogue clouds were an issue in three quarters of all organisations, with 20%, worryingly, saying they didn’t realise they had it.
“Perhaps the sales manager signs his department up for Salesforce without thinking to consult IT. Or perhaps marketing shares important launch materials with outside vendors via an unauthorised Dropbox account,” the report notes.
It continues: “In either case, the organisation has put sensitive information into the cloud without organisational oversight...to save time and money: going through IT would make the process more difficult.”
At first glance the study evidently does no favours in reaffirming users with the idea that clouds are fully secure, however this would be inaccurate; it’s down to bad practice and lack of due diligence, rather than the cloud itself, which is inherently risky in this instance.
Two in three (68%) respondents admitted that they’d had a recovery failure in the cloud, and more than one fifth said that recovering from the cloud would take more than three days. As the report notes: “How many businesses can afford to shut down for three days?”
But there is good news; according to the report, 94% of enterprises are “at least discussing cloud or cloud services”, up a huge amount from 75% a year ago and evidence of the all-encompassing nature of the cloud and its potential.
There has of course been plenty of column inches dedicated to cloud security over the past few months, from VI’s 10 tips on keeping information safe last week to a comprehensive for and against on cloud security by Wieland Alge in December.
How can rogue clouds be eradicated from organisations?
- » Data sovereignty and the cloud: How do we fully control data amidst the cloud sprawl?
- » Securing your data centre from human error with a multi-step security approach
- » Is your data privacy and security bulletproof?
- » Lack of vendor visibility is number one pain point for cloud customers
- » Public cloud generating more than $20bn quarterly for IT companies