Posted: April 23, 2013
The dangers of the cloud
Do you know where your data is?Cindy Wolf
The rise of cloud computing hasn’t stopped even though the vast majority of the public has no idea what the cloud is. Even half of company IT security practitioners don’t know what happens to the data in their company’s cloud implementations.
Three recent surveys have highlighted the confusion, ignorance and surprise: dangers of cloud computing. First, confusion: Wakefield Research revealed that a majority of cloud users don’t know what the cloud is or that they are even using it (when 95 percent of them are), but that they fake it in conversations at work and even on dates. And it’s okay to fake it because 56 percent also think that whoever they are talking to doesn’t know what it is either. Hint: it’s not related to weather.
Next, Symantec did an even larger survey of cloud users at all sizes of companies. They found that 75 percent of companies have “rogue cloud” implementations, where some part of the organization has put sensitive information into the cloud without company oversight. Their experiences are frightening:
- 40 percent had their confidential information disclosed;
- 40 percent lost data in the cloud;
- 68 percent could not recover the lost data in the cloud from backups;
- 20 percent of those who did recover the data still had to live without it for over 3 days;
- 23 percent have been fined for privacy violations;
- 33 percent had eDiscovery (litigation or law enforcement) requests for data in the cloud;
- 66 percent missed their eDiscovery deadlines incurring fines and impairing their legal position; and
- 41 percent were never able to find the data required for eDiscovery
A survey by Ponemon Institute focused on cloud security. It found that only 50 percent of companies (70 percent of them with over 5000 employees) did security reviews of their cloud solutions prior to implementation. Consequently, only 53 percent of the companies felt confident about the security of their data in the cloud – a slightly higher amount that doesn’t correlate to actual knowledge.
Why is this? The Ponemon survey clarified that responsibility for security was spread across multiple groups: the company’s IT organization, the company’s end users, the company’s IT security team and the cloud provider. The fingers can point in all directions and don’t land anywhere. And as the other studies pointed out: end users are clueless and the consequences of letting them make cloud decisions are downright scary.
Cindy Wolf is a Colorado lawyer with more than 25 years experience representing large and small domestic and multinational companies. Her expertise is in corporate law and commercial contracting, with an emphasis on international issues, technology licensing and the Internet. She can be reached at email@example.com or visit her blog at www.cindywolf.com
This publication is provided for informational purposes only. It does not constitute legal advice. There is no implicit guarantee that this information is correct, complete, or up to date. This publication is not intended to and does not create an attorney-client relationship between you and the author.