Firms relying on previous cloud generations are vulnerable to attack, warns Ovum

Ovum has released a new white paper analysing the role of security in enterprise cloud adoption. Authored by principal analyst Andrew Kellett alongside FireHost, the industry’s leading secure managed cloud provider, the white paper spotlights the following:
· Security remains the biggest issue preventing enterprise cloud adoption
· An IT security skills shortage has made it difficult for enterprises to manage cloud in-house
· The failure of cloud providers to implement security features has left previous generations of technology vulnerable
· More sensitive data is being stored in the cloud, but basic security controls are no longer enough
· Incorporating greater security and a better approach to compliance as an overall risk reduction strategy are key to furthering cloud adoption

One of the main conclusions from the white paper is that security is not keeping pace with the rapid adoption of cloud computing and multi-cloud strategies. Although Ovum’s research indicates that the volume of sensitive corporate data stored in the cloud continues to grow, with enterprise cloud adoption rates exceeding 80 percent, in many cases this data is not adequately protected. Kellett explains in the report, “Security, or lack thereof, is a significant issue. If there is one problem area inhibiting further adoption of cloud-based services, it is enterprise concerns about shortfalls in the protection regimes of many cloud service providers.”

Kellett attributes this issue to the growth of new security challenges, a security skills shortage and the failure of cloud service providers to prioritise data protection features. “On too many occasions, security policies only come into place once a new technology has already gone mainstream, and this is certainly true of the cloud industry. Many cloud providers have been guilty of ‘bolting on’ security as an afterthought, something which has left previous generations of technology vulnerable to malware attacks, advanced persistent threats and other breach tactics.”

The white paper issues a call to action for organisations to change the overall business-to-security relationship, and encourages customers to raise expectations of their cloud service providers. Kellett argues that, “Whether they like it or not, organisations are putting their trust in the hands of the service provider, often without being completely satisfied that such trust is justified or that service levels and protection can be maintained.” Ovum insists that “alarm bells should be ringing” when a cloud service provider offers security and compliance features as optional extras. Indeed, customers should be demanding improved security and protection services as standard.

FireHost EMEA vice president Eleri Gibbon said, “For too long, businesses have made assumptions about the security of their cloud service providers. In the instance of a data breach, the client suffers the consequences. That doesn’t sit right with me. After all, if your house falls down unexpectedly, you’d expect people to ask questions about how it was built in the first place.”

Gibbon continued, “In today’s business climate, cloud service providers need to demonstrate their commitment to improving IT security. Likewise, customers need to look elsewhere if their current provider doesn’t meet their needs. Security-conscious industries in particular, such as retail, payments and finance, should seriously consider the use of secure, specialist cloud solutions to ensure the protection of their sensitive and extremely valuable data.