Cloud computing can lead to increased data security breaches, expert says

Cloud computing can lead to increased data security breaches, expert says

As organizations worldwide deal with data security issues, the use of cloud computing may lead to an increase in breaches, according to a recent Silicon Republic report.

This analysis comes from Don Smith, senior vice president of engineering and technology at Dell, who recently encouraged companies to consider how moving their operations to the cloud may increase their risk of data security breaches.

"As cloud computing adoption picks up pace, promising compelling cost savings and ease of management, it will quickly move from hype to large-scale deployment," said Smith, according to Silicon Republic. "It is important to remember that the risks associated with cloud services are the same risks that we've collectively been dealing with for many years. The only difference now is the context in which they exist."

The news provider's John Kennedy added that while security issues have stopped some companies from adopting cloud computing services, others have used the technology without considering the dangers of storing their data outside of their organization.

Since an organization's data is stored in the cloud, it may not be aware that information has been compromised. According to Smith, companies may also become complacent because they believe that their data is safe behind a firewall, so it is automatically secure, which is not always the case, Silicon Republic reported.

"The most common type of cloud service is Software-as-a-Service, but organizations are also adopting infrastructure-as-a-Service and making forays into Platform-as-a-Service offerings, said Smith.

Smith encourages organizations to conduct a formal risk assessment regarding what type of outsourced service they plan to adopt. By approaching the cloud this way, companies know what they are being exposed to and where the risks are, Smith said, according to the report.

In addition to Smith's assertion regarding the cloud, Dell's SecureWorks team advises companies to consider several aspects of the technology before making the migration. According to the Silicon Republic report, organizations should ask if their data is segregated from other customer information, which parties have access to the data, how is the access controlled, can they migrate their data to another cloud provider or back in-house and what security controls are available to protect the information.

While some experts are concerned with the stability of cloud computing, a study released earlier this year by nCircle revealed that many companies indicated they are more likely to adopt cloud services providers that are compliant with standards from the Federal Information Security Act and Payment Card Industry.

Of the more than 550 participants surveyed, 69 percent said they considered FISMA and PCI compliance important factors to consider before migrating to the cloud, up from 63 percent who said the same last year. According to the study, nearly 70 percent of organizations were considering adopting cloud computing services, increasing from 66 percent from 2010.

"These results are a clear indication that there is demand for specific and tangible assurance of security and compliance measures from cloud vendors," said Tim Keanini, chief technology officer for nCircle. "IT security professionals are informed buyers. They know that cloud vendors currently produce very little evidence of their internal security and compliance processes and do not allow their customers to conduct their own security and compliance audits."

Other findings of the nCircle survey revealed that despite security concerns, 32 percent of participants said the cost benefits of cloud computing outweigh the risks. According to the study, this has also grown from 2010 levels, when 26 percent of organizations answered similarly.