Cloud technology came under a harsh spotlight last month after very private images of many of entertainment’s biggest names were hacked from Apple’s iCloud. For consumers that were already storing personal files in the cloud it was a wake-up call – but for businesses that had migrated to the cloud for their critical day-to-day operations, it was deeply concerning.
Understandably, cloud concerns now abound within the enterprise – however, these are not necessarily justified. Without wanting to single out Apple, the iCloud leak served as a prime example of why security arrangements – and the way in which responsibility for data is shared between provider and client – need to become an explicit and well understood part of all cloud service contracts.
Enterprises must look into securing their own data and services, without relying too heavily on the built-in features of the environment they’re operating in. As such, data stored in the cloud should probably be kept encrypted as a matter of course.
Mistrust in the cloud: where does the blame lie?
A Ponemon Institute study, undertaken prior to this high-profile leak, found that seven in 10 businesses believe cloud providers are failing to comply with laws and regulations on data protection and privacy.* This widespread mistrust is unsurprising, as the global cloud providers operate in a veritable regulatory maze and a number of highly-publicised hacks have significantly hampered faith in cloud service security.
Cloud providers are currently doing a less than perfect job, but it would be unfair to place all the blame at their doorstep; clients also need to take responsibility and do their homework, at least where data protection regulations are concerned. After all, ultimate responsibility rests with the data processors, not with their service providers.
Many firms using the cloud are likely currently reconsidering their strategy, with a greater focus on data security. Some organisations are still using mass market consumer cloud services rather than solutions specifically developed for the enterprise, and this is not surprising. The distinction between the two remains rather vague and, in any case, emphasising it only goes against the grain of the market – after all, the cloud’s value promise is to commoditise processing power and storage.
Providing a seamless scale-up path for start-ups is important, especially with mass-market services such as Dropbox providing high convenience at a very low price. For many smaller firms, it is not really worth seeking alternative solutions currently if all they want to do is store and share a few gigabytes of data.
Cloud adoption: what impact will the iCloud leak have?
Conflicting reports remain regarding levels of cloud adoption, compounded by the fact that the cloud is a relatively vague concept and as such there isn’t a single way to count organisations that are using cloud services. It’s hard to tell at present how many firms are on Amazon EC2, have bought a private cloud solution from someone, or are renting machines in a so-called ‘bare metal cloud’ arrangement. You also have to consider that it’s very hard to quantify just how important all these various clouds are in the companies’ operations.
On top of this, cross-industry surveys are very hard to organise and cloud providers are not exactly forthcoming with their client lists. Our experience, however, tells us that cloud adoption is proceeding apace – we continue to see very healthy demand for security solutions that are tailored for virtualised environments.
The key question, of course, is whether Apple’s recent iCloud leak will hamper cloud adoption in the long term – and as serious as the breach was, it’s still just a blip on the radar in the grand scheme of things. Further breaches will, in the long run, only serve to make everyone more security conscious and eventually client demand will push the cloud services industry towards doing things right. In the short term, practicality always trumps security, but the costs of insecurity do add up during the long term.
Alexandru Catalin Cosoi is chief security strategist at Bitdefender
