Last December, a survey of U.S. business professionals by the British commercial property management firm Savoy Stewart determined that several data-intensive industries had a profound distrust of cloud computing.
The survey found 92% of health care professionals, 88% of financial services professionals, 67% of insurance professionals and 35% of tech sector professionals expressed a distrust of cloud computing.
Tech sector respondents had the best understanding of what cloud computing encompasses, with 77% of respondents claiming knowledge. Only 40% of health care professionals, 32% of financial services professionals and 18% of insurance professionals acknowledged an understanding of what cloud computing was all about.
The one area where these industries found agreement involved why they distrusted cloud computing, with data leaks and lack of control being cited as the primary concerns. This apprehension was not unique to the U.S. market. Savoy Stewart found similar levels of agitation and confusion surrounding cloud computing in the major Western European economies.
Last month, the National Security Agency (NSA) issued an advisory with technical guidance for procuring and securing systems reliant on cloud service providers. According to the agency, it conducted an analysis of security observations related to Microsoft Office 365 and detected “advanced persistent threats associated with managed service providers, including cloud vendors.”
The NSA issued a guide that sought to mitigate the potential problems in this technology.
“With careful implementation and management, cloud capabilities can minimize risks associated with cloud adoption, and empower customers to take advantage of cloud security enhancements,” the NSA guide stated. “Security in the cloud is a constant process and customers should continually monitor their cloud resources and work to improve their security posture.”
And this raises the question: is cloud computing safe for businesses? The answer, it seems, isn”™t clear.
Al Alper, CEO of two Wilton-headquartered information security firms ”” Absolute Logic and CyberGuard360 ”” cautioned that making a blanket statement about cloud computing is difficult because it spans several different high-tech solutions.
“Cloud computing is a buzzword that covers such a vast array of opportunity,” he explained. “When you say cloud computing, you can be talking about virtual private infrastructure or virtual private cloud. They are as safe as your own infrastructure, as long as you have the right people setting them up. If you”™re talking about cloud computing with things like hosted applications, including SalesForce and FusionSoft, you are reliant on the vendors having a security envelope ”” and they are frequently not terribly secure, unfortunately.”
The cybersecurity aspect of cloud computing, according to experts, is a two-pronged consideration. One part of the equation is the responsibility of the user.
“What makes it safe are the tools you apply to it,” added Imtiaz Allie, managing partner at Stamford-based Innovative Network Solutions Inc. “They are just giving you a platform to put your information. You are responsible for protecting the data.”
Heechang Shin, associate professor at New Rochelle”™s Iona College, pointed out that while cyberattacks from digital miscreants are the new normal in the tech world, many breaches involving cloud-stored data are the result of carelessness on the part of the user, ranging from weak passwords to trusting the wrong in-house staff with sensitive material.
“A real threat might come from the customer using those services,” he warned. “Many data breaches are the result of human error based on how their cloud computing service is set up.”
The second consideration for cloud computing safety involves the platform host.
Buddy Pitt, director of technical development at Network Support Co. in Danbury, urged would-be cloud computing users to run a due diligence test on the potential platforms they might use.
“What are their security measures?” Pitt asked. “How are they set up to back up data? Will you need another cloud provider or a third party for backing up data? On the Internet, there is 99.9% uptime, but in any given year you will have three days of downtime.”
Pitt recalled news from last November when National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities around the world, was hit by the Ryuk strain of ransomware that targets cloud providers.
“That took operations offline and impacted 400 veterinary clinics,” he added.
Too many people are under the mistaken belief that the cloud platform is inherently safe just because it is off-site.
“It”™s just someone else”™s computer,” said Michael Schechter, president and CEO at Computer Experts Group Ltd. in Katonah. “It makes it seem sexier and more secure than it is. But it”™s just someone else”™s computer in someone else”™s data center.”
Schechter added that many smaller businesses have been dubious regarding cloud computing, but not because of high-tech questions.
“It is usually the small-business owners that tend to view any change with a crooked eye,” he said. “They believe, ”˜If it is working for me so far, and that seems very different from what I”™m used to.”™ ”
Schechter warned that these smaller businesses ”” with many lacking in-house IT staff ”” might actually be less safe outside of the cloud.
“If you think you”™re too small to be a target, you should know that most ransomware attacks are on smaller companies because they didn”™t have the wherewithal to protect themselves, cybersecurity-wise,” he said.
Jaime Urteaga, founder and CEO at Digital Chair Inc. in White Plains, agreed, noting that cloud computing may not be perfect, but for many companies it is the better choice than going it alone.
“Ultimately, there”™s nothing that”™s 100% safe,” said Urteaga. “Everything is open to some sort of attack. But cloud computing is safer than what we had before.”
