By Loh Ching Soo, Country Manager, NetApp Singapore | Sep 8, 2011
In a study conducted by Frost and Sulivan late last year, more than 70% of 10,400 information security professionals revealed growing concerns about the increased risk coming from cloud computing and mobile devices.
The adoption of cloud computing may be on the rise but CIOs continue to be wary of new threats. For CIOs looking to embark on the cloud journey, it is worthwhile to understand the risk that their data is now being exposed to. These include:
- Criminal use of the cloud: Unsavory characters may leverage on the cloud to increase the reach and success rate of their criminal activities, as well as evade discovery. Additionally, improved techniques such as phishing and social engineering make it easier for criminals to access critical information in the cloud, compromising the privacy, reliability, and availability of those services. CIOs need to ensure that their cloud providers are able to resist against such malicious threats through more rigorous login criteria, authentication checks, as well as the ability to monitor and track who gets access to their information in the cloud.
- Threats from within: The proliferation of smart mobile computing devices has led to sensitive corporate information being leaked via these devices when employees use them for work. Through the deliberate or unconscious sharing of sensitive company data on the internet, an organization’s brand, finances and productivity can be adversely affected. CIOs need to ensure that their cloud providers are able to put in place measures to protect against threats from inside. This can include providing restricted or temporary access to corporate resources depending on the employee’s profile. Additionally, any company information should not be allowed to remain on private devices after employees have logged off the company server.
- Choice of cloud provider: One of the biggest potential threats to a cloud consumer may in fact be the cloud provider engaged. CIOs need to understand the internal security procedures and computing policies of their chosen cloud provider. Insecure software programming can expose organizations to a variety of security issues related to confidentiality, integrity, availability and accountability. Furthermore, the move towards a third-party cloud infrastructure may mean sharing the same cloud infrastructure with others. CIOs need to be aware of their cloud provider’s existing security controls, how effective these security controls have been, how software programming is integrated with security and how their information will be treated in the event of termination or a security breakdown.
Recent popular content
Recent popular content