Cloud Security Policies Lacking

By | Nov 15, 2012

New research reveals that there's a lack of IT policies when it comes to the topic of cloud security among businesses today.

The survey found that while 20 percent of businesses have no clear security standards around employee use of "cloud," the majority allow employees to use cloud services and access corporate data from cloud applications or connected devices. According to the cloud backup provider company, Symform, this policy versus utilization gap is consistent for both the 61 percent of respondents who said their company is using the cloud, as well as the remainder who reported not officially leveraging cloud services to-date.

Symform's survey took into account the responses from 500 companies across a wide range of industries and organizational size, among them, 34 percent from small to midsize businesses and 48 percent from IT service providers or small businesses. The survey looked at current cloud utilization, cloud security concerns and benefits, security policies and employee use of cloud services, applications and devices.

The Rogue Cloud

According to the survey, bring-your-own-device (BYOD) and the consumerization of IT slows down a business' need to determine the proper IT security standards to govern cloud usage. In fact, of the 39 percent who said they are not using cloud, 65 percent claim to allow employees to use cloud services and 35 percent allow employees to put company data in cloud applications.

IT security standards are a must when recognizing the importance of the cloud. The fact is, the cloud enables small and midsize businesses to spend less time and money on IT and to enhance communication, which is the key to ensuring rapid growth. They experience an increase in productivity and flexibility. However, that will all go to waste if the cloud isn't secured. Symform's survey revealed that secure cloud backup is gaining credibility as a safe place to store or use data, with 50 percent of respondents believing even sensitive data can be secured in the cloud.

IT departments need make sure they are in control from a policy and governance standpoint while still enabling the business to benefit from the cloud's agility and cost-effectiveness.

Future Policy

Small and midsize businesses see the cloud as becoming more important to their business. Therefore, security should be a priority too. Symform's survey points out that IT leaders at a business must take lead of all IT policy, vendor criteria, compliance management, and they must define what "trust" is for their organizations.

Cloud use will continue and grow, but the standards to control it are in the hands of the organization. Security policies are a step in the right direction.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Cloud Computing

Cloud computing can help midsize businesses transform their operations and technology by establishing a flexible, adaptable IT environment to quickly meet changing requirements.

Learn More »

More on This Topic