The most popular and comprehensive Open Source ECM platform
What you don’t know, or don’t investigate deeply enough, can hurt you. Especially when it comes to security controls for cloud computing. Many companies are entrusting highly sensitive and confidential data to the cloud, but they haven’t dug deeply enough into the security details of their cloud environment.
Chris Potter, PwC information security partner, said that “Businesses are putting their faith in third parties to take care of their data but many are taking a laissez faire attitude to the security element. Not only are they often completely leaving the security controls to third parties, they are not actually checking what controls those third parties have in place. Small businesses may think that because their data is being hosted by a large cloud provider that good security controls will be in place, but this isn’t necessarily the case. Companies should always check what security controls their providers are operating.”
When moving your data to the cloud, you should’t assume. More organizations are moving data into the cloud. PwC found that 73 percent of organizations use at least one outsourced cloud service. But only 38 percent of those organizations are encrypting the data that is being stored there. And 56 percent of organizations that host data in the cloud have never done any checks on the security provided by their vendor. Potter commented that “Rather than relying on contingency plans, organisations would be in a much more powerful position if they were to secure their data in the first place.”
Potter told InfoSecurity online journal that ”I think it comes down to two things. First, there’s a basic lack of understanding of some of the risks involved; and second, there’s an element of wishful thinking: if I haven’t been burnt, then I’m OK – maybe this security risk is all just hype… What happens is that when people see a shiny new toy, they go off and use it – but it’s only when they actually experience a major security breach in their organization that they stop to make the necessary security changes.”