{"id":279,"date":"2010-08-10T00:00:00","date_gmt":"2010-08-10T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2010\/08\/10\/assess-security-of-cloud-computing-apps\/"},"modified":"2021-12-30T11:36:54","modified_gmt":"2021-12-30T11:36:54","slug":"assess-security-of-cloud-computing-apps","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2010\/08\/10\/assess-security-of-cloud-computing-apps\/","title":{"rendered":"Assess Security of Cloud Computing Apps"},"content":{"rendered":"<p>New research finds that while cloud computing services are being widely adopted, more than 50 percent of IT professionals surveyed say their organization isn&#8217;t aware of all the cloud services employees are using &#8212; and few were evaluated for security before use.  The rapid-fire adoption of cloud computing might offer real advantages for small and mid-size businesses, but it also carries significant risks.  Too often, organizations simply aren&#8217;t keeping up with the cloud services their employees are using, according to recent research by the Ponemon Institute, an independent think tank focused on privacy and data security, and CA, Inc., an IT solutions provider.  More than half of the IT personnel surveyed in the May study said their organization isn&#8217;t aware of all the cloud services employees have deployed, and less than half said that cloud services are evaluated for security before use.  &#8220;I think it shows a potential security meltdown in using cloud computing,&#8221; said Larry Ponemon, chairman and founder of the Ponemon Institute.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cloud solutions offer &#8220;revolutionary potential&#8221; for small and mid-size businesses, says Mark White, chief technology officer for Deloitte Consulting LPP&#8217;s Technology practice.  &#8220;The cloud is a real boon to small business.&#8221;<\/p>\n<p>The cloud can be a disruptive force that can help small businesses punch bigger than their size,&#8221; says Charles Babcock, author of Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can&#8217;t Afford to Be Left Behind (McGraw-Hill, 2010).<\/p>\n<p>Understanding how your employees are deploying cloud computing and establishing some sense of control are critical to managing security risks, say experts.  It&#8217;s not just a matter of cataloging cloud services embraced by your IT department or at an enterprise level, cautions Babcock.  Just because you haven&#8217;t embraced cloud computing doesn&#8217;t mean your employees aren&#8217;t working in the cloud.<\/p>\n<p>White often has conversations with CIOs who tell him their organizations don&#8217;t use cloud computing, only to find the company&#8217;s employees are doing so.  &#8220;For employees, some enterprise issues of standardization, information privacy and security may not be at the top of their list,&#8221; White says.  Be aware that employees might be reluctant to reveal what they&#8217;re doing in the cloud if they know they&#8217;re violating company policy or taking risks.<\/p>\n<p>In the Ponemon survey, 68 percent of IT professionals thought cloud computing is too risky for financial information and intellectual property.  &#8220;It&#8217;s not a very good defense for the CIO to stand up in court and say, &#8216;I had no idea where the data was.'&#8221; * Vet cloud service providers.  &#8220;If you don&#8217;t feel that way with the cloud vendor you&#8217;re talking to, you probably need to go back to the drawing board and find someone you can trust.&#8221;<\/p>\n<p>Although cloud computing might pose something of a &#8220;security minefield&#8221; right now, businesses have little choice but to catch up with the technologies their employees are embracing, says Ponemon.<\/p>\n<p>http:\/\/technology.inc.com\/security\/articles\/201008\/cloud.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-279","post","type-post","status-publish","format-standard","hentry","category-cloud"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=279"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/279\/revisions"}],"predecessor-version":[{"id":2766,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/279\/revisions\/2766"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}