Are Cloud Data Security Fears Holding Back Cloud Adoption?

Concerns about US spying on corporate information stored by cloud computing providers is beginning to have an impact on those providers international revenue, according to industry analyst Michelle Jenkins. “Enterprise customers in Europe and Asia are worried about government surveillance of their data stored by US cloud providers and it's having an impact on the bottom line.

Industry analysts expect revenue for US cloud companies to be $35-155 billion lower over the next 5 years due to fears about surveillance. Concerns about cloud data security extend beyond just government surveillance and include traditional fears about security breaches, data loss, and compliance violations.

Often these fears about the cloud begin with IT feeling they are losing control of corporate data as employees introduce many cloud services into the company outside the normal IT procurement process. Such unregulated and unmanaged “shadow IT” projects are not known to the IT department and do not go through the typical vetting process for the company's cloud data security requirements.

In your IT department, you likely already have programs and resources in place to address different kinds of risk, from security operations centers focused on inbound threats, to data loss prevention teams focused on data leakage. Managing the cloud doesn't require establishing a new team, or even new headcount. All of the activities necessary for robust risk management can be incorporated into existing processes.

While every company is unique, there are some common elements that every company should adopt to lower their cloud risk exposure. They include limiting access to the riskiest cloud services, educating users, migrating to lower risk services, and responding to security compromises immediately.

Employees usually have good intentions, but they may not be aware of the risks posed by some types of cloud usage. Many companies have mandatory compliance classes and employee onboarding which can be augmented with training on high-risk cloud activity such as uploading sensitive information to unsecured services. Employees also prefer to know about high-risk services before access is limited or removed.

Some services present risk to your data and can be enabled in read-only mode for employees to view information but not upload data. You may also find cloud services in use that are simply too risky for your organization. It's up to each company to develop a cloud data security policy that works for the organization and balances the benefits of cloud services with their risk to company data.