The CXO view: We’re still unconvinced on cloud storage security


Less than one in three delegates polled at the Infosec 2015 event in London believe the cloud is a safe storage solution for corporate data.

The survey from digital encryption and USB specialist iStorage, which questioned more than 270 respondents including heads of IT, CIOs and CTOs, saw almost half (48%) say they do use cloud technology to store confidential information. 54% of those polled say they still use USB devices to store information.

Over three quarters (78%) said they were currently aware of policies within their organisations covering data protection matters, while a similar number (75%) affirmed they knew who specifically was responsible for data protection within their firm. Yet the imminent EU data protection regulations – which this publication has recently covered – caused more of a pain point. Only 50% of respondents said they understood what the regulations would mean for them individually and their organisations.

John Michael, iStorage CEO, said: “Cloud technology may make life easier for mobile workers but it’s certainly not without its risks; it really should only be used to store encrypted, non-sensitive information.” He added: “Ultimately, the cloud concept refers to a physical data centre and as such users are very much reliant on trusting cloud providers to protect any information that they store in this way.”

This is not a view that everyone agrees with, however. Kelly Stirman, VP strategy at MongoDB, spoke at the recent Cloud World Forum event on five tips for making success a reality in the cloud. Subtitled “escaping cloud cuckoo land”, Stirman blasted a few myths out of the water; one of which being the security of the cloud.

“Cloud is not secure – [it’s] just not true,” he told CloudTech. “Most of these guys are vastly more secure than any of us can design in our own systems.” He added: “People tend to object to cloud, their operation [team’s] obligation...because it’s not secure. No, this thing is incredibly secure, but your ops teams need to know how to configure to be secure where you need to be secure.”

iStorage also argues that, for those who still like to use a USB to transport company information, robust encryption capabilities need to be fitted. By remarkable coincidence, the company is also hawking a new USB 3.0 drive, the datAshur SSD, with auto-lock features, self-destructing PIN and brute force protection.

Regardless, despite cloud storage providers beefing up their business credentials – Box’s customer wins with the US Department of Justice, Dropbox’s adoption of the ISO 27018 standard – there still remains a fair amount of scepticism over the validity of cloud among the C-suite.

Related Stories

Leave a comment


This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.

29 Jun 2015, 4:55 p.m.

There's no doubt that some CXOs are skeptical of cloud security. Others, though, are increasingly confident that cloud's benefits outweigh any risks. ( -- Chris Nerney, commenting on behalf of IDG and Microsoft


1 Jul 2015, 5:02 p.m.

I agree that “Cloud technology may make life easier for mobile workers but it’s certainly not without its risks; it really should only be used to store encrypted, non-sensitive information.”

Gartner recently reviewed new and interesting cloud security approaches that can help organizations with additional flexibility for cloud deployments.

The first report is from June 2015 with the title “Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data. Another Gartner report concluded that “Cloud Data Protection Gateways” provides a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files stored in SaaS applications”.

Ulf Mattsson, CTO Protegrity