Sign in
- Please contact your account administrator for more information on your access.
Follow us
- Twitter
- LinkedIn
- Newsletters
- Facebook
- YouTube
Register
CRN Essential
Events
- Upcoming events
  CRN Sales & Marketing Awards 2021
  
  The CRN Sales & Marketing Awards recognise and reward the achievements of those individuals and teams that are responsible for making the UK IT channel truly great.
  
  Date: 08 Jul 2021
  View all events
Whitepapers
- LATEST WHITEPAPERS
  
  What are the opportunities for the channel with the growth of AI?
  Encryption, privacy, & data protection: a balancing act
  
  This white paper examines the risk posed by encrypted threats; considers the business, privacy, and security implications of managing that risk; and presents constructive measures for balancing security needs with employee privacy rights. In the end, the best way for IT leadership to ensure the rights of the individual employee is to protect the organization from threats and attacks.
  Download
  
  How do MSPs really feel the channel will shape up by 2020?
  On borrowed time?
  
  Cybercrime has become a huge part of our economy and it is a topic that is getting more and more attention in the news media. The cybercriminal stories making headlines involve big companies such as British Airways and Marriott etc. However, smaller companies are just as susceptible to cyber- attacks. Often these attacks are much more damaging to smaller businesses, sometimes forcing them to shut down completely. One report from Verizon claims that 43% of email attacks target SMBs.
  Download
  
  Find whitepapers
  
  Search by title or subject area
  
  View all whitepapers
A-list
Top VARs
Printer Supplies

Security continues to rain on cloud's parade

PRESENTED BY GEMALTO: Data security and privacy concerns remains major barriers to adoption even as cloud computing goes mainstream

CRN staff
25 February 2016

Tweet
Facebook
LinkedIn
Send to

For all its plaudits, cloud computing has failed to shake off the tag of being a risk when it comes to security and privacy.

Analyst Synergy Research recently declared 2015 the year cloud "went mainstream", while IDC claims cloud accounted for over a third of the global IT infrastructure market for the first time last year.

But -rightly or wrongly - the cloud still has an image problem, with figures from the Cloud Industry Forum (CIF) suggesting privacy and security worries remain as big a barrier to adoption as they were five years ago.

According to CIF, over the course of the last five years, data security and data privacy have remained constant as the two primary concerns cited by end users when migrating to cloud. What's more, while CIF said one might expect these to lessen as the industry matures, they have actually heightened.

The number of UK organisations who see data security as an inhibitor to cloud adoption rose from 61 to 70 per cent between 2014 and 2015. Data privacy was found to be the second biggest inhibitor. It was cited by 61 per cent of respondents, compared with 54 per cent in 2014.

And these figures have remained roughly constant for half a decade, since CIF began conducting the survey in 2011, said CIF board member Ian Moyse.

"Over five years you would think we as an industry would all have got better at this, but the figures have remained pretty static," he said. "Data security and privacy remains a major concern in adopting cloud technology."

He added: "The threat here is the noise they see in the press and the industry. Look at the last 12 months, with Ashley Madison and TalkTalk and Marks & Spencer. Cloud gets tainted along with it and customers are thinking ‘if I'm making the decision to go to the cloud, am I putting myself at risk?'"

2015 saw cloud "go mainstream", according to analyst Synergy Research, which said that global cloud revenue grew 28 per cent to $110bn in the 12 months ending 30 September 2015.

And adoption is certainly growing in the UK, with 84 per cent of UK organisations using cloud as of last year, according to CIF, up from 78 per cent the previous year, 69 per cent in 2013, 61 per cent in 2012 and 53 per cent in 2011. Some 78 per cent use more than one cloud service, with web hosting, collaboration, e-commerce platforms, advertising, online marketing services and email found to be among the technologies with the highest cloud penetration. alt=''

But CIF said that security will remain the top cloud inhibitor for the foreseeable future, adding that the role of the industry must be to educate users on their responsibilities for data protection and to enforce policy management as necessary.

Another problem businesses face in the cloud is a lack of awareness of what data they need to protect, where it resides and what the risks are. Data is now stored and accessed in multiple places and from multiple devices, which means businesses need to bring security controls closer to the data. This means using access control to protect identities and ensure only authorised users and services have access to the sensitive data, as well as encryption and centralised key management for data both at rest and in transit. using both authentication and encryption, for data both at rest and in transit.

Success in the cloud requires a focus on security, including addressing baseline security controls, such as identity and access management, anti-virus, and encryption. A secure and centralised key management solution is also vital for demonstrating adherence to many different compliance mandates in cloud environments.

Ameneh Zaher, pre-sales manager NW EMEA at security vendor Gemalto, agreed that security and privacy concerns are often still a barrier for customers looking to migrate to the cloud. A common pain point is the customer's desire to retain full control of their encryption keys, particularly if they need to do so for compliance purposes, she said.

"They want to have full control of the assets they are placing into the cloud from a single place," Zaher said.

"Quite often, customers feel they have to decide whether they want to move to the cloud or to stay secure. Decoupling the keys from the encrypted data is quite important. We can enable them to go to the cloud and stay secure and compliant and have full control of their keys and hence their entire assets; in our hardware security modules and key management platform."

A recent study commissioned by Gemalto and conducted by Ponemon Institute found that just 38 per cent of organisations have clearly defined roles and accountability for safeguarding confidential or sensitive data in the cloud.

Moyse agreed that it is not cloud per se that is scaring customers, but the fear of losing data, which he said makes encryption a hot topic.

"If someone broke into my office but all the data was secure and locked away, there's minimal impact," he said. "With the cloud world, it's the same thing. If in the worst-case scenario someone gets access to something, if they can't see anything that is private to the customer, it doesn't matter."

Mark Evans, UK country manager at security VAR Integrity 360, said he viewed cloud security as an opportunity rather than a threat for channel partners that have traditionally focused on locking down on-premise environments.

"It's an area we are looking heavily into," he said. "We are seeing a lot of live systems going into hosted environments such as AWS and Azure. That could be a threat but also an opportunity for us and we are looking at our cloud strategy and how we assist customers looking to move into the cloud - there are a lot of questions about where the data goes and how well it is being managed."