In 
The one big hold out against deploying cloud based computing in the enterprise is concerns around data security. A new research report, brought out by the Ponemon Institute, further adds fuel to this fiery debate around security and control vis-à-vis cloud computing. The report, based on a survey, indicated that the IT staff in corporates is having trouble controlling the management and security of data in the cloud.
The findings reveal that global organizations are struggling to secure data in the cloud, possibly due to the lack of critical governance and security practices. The survey found that only 38 percent of organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud. Adding to the confusion, 44 percent of corporate data stored in cloud environments is not managed or controlled by the IT department. And more than two-thirds (71 percent) of respondents say it is more difficult to protect sensitive data in the cloud using conventional security practices.
So, are CIOs going to cut back on cloud deployments?
Suresh A Shanmugam, Head - Business Information Technology Solutions (BITS), Mahindra & Mahindra Financial Services, echoes the sentiment when he says, “We are facing challenges with respect to security when it comes to cloud. Shadow IT is definitely playing a part here.”
However, Shanmugam feels it is better to allow rather than clamp down on Shadow IT. He says, “Other departments should also know what goes into procuring IT. We have in fact allowed all business units to procure their own PCs and laptops. The IT department provides them with the guidelines and all procurement has to be done within those parameters.”
While Shanmugam acknowledges that cloud security issues could become bigger in the future, he also believes that the inherent advantages of moving to cloud will be greater than fears of security.
“The advantages of cloud outweigh security risks. Besides, it is the only option for certain business models that can’t afford to invest in IT infrastructure,” he says.
It is because of such advantages that Shanmugam has moved the company’s customer conversations and mails on to the cloud and is eyeing to put data related to collection also on cloud.
Rajiv Nandwani, VP, Global Information Security and CISO, Innodata, also downplayed the issue.
“We have not encountered any challenge in controlling corporate data in the cloud. The best way to ensure that your sensitive data is in safe hands is by aligning with the best of breed cloud service providers. Secondly, we make sure that the service providers are SOC I and SOC II certified and are compliant with ITIL and ISO 27001,” he says.
“While the jury is still out on the subject of security, our approach has worked well for us,” Nandwani says.
Last year, Nandwani moved his company’s mail to Google cloud. This year, he has migrated to Office 365 and has also put his ticketing system onto the cloud. Nandwani also leverages cloud for cyclical (3-6 month projects) and testing purposes.
My take?
Despite the fears raised by this and other similar studies, CIOs would prefer availability and quick deployment over security. User departments on their part would be putting pressure on the IT department to move a lot faster with deployments, if not experimenting on their own. All considered, enterprise technology leaders want an option wherein they can reduce their capex and speed up deployments even if it entails taking some security risks.
Cloud computing, therefore, will continue to proliferate in enterprises despite the attendant security concerns.
Add new comment