The Cloud Industry Forum (CIF) and cybersecurity expert Trend Micro have published a new paper on the most pressing cloud security and assurance issues facing businesses as they move to the cloud. Assurance in the Cloud, written with input from leading experts from the IT industry and legal community, explores the key challenges Board members will need to address, including who has access to their data, where it is being held, and what technical and contractual measures are in place to protect it.
Bill McGee, SVP and General Manager, Cloud and Data Centre Security at Trend Micro, said: “The rise of cloud computing means that the whole Board needs to be involved in technology decisions in a way that they’ve never had to be before and, for many, that will be a real challenge. We’ve compiled this guide to get the whole of the senior management team thinking about the risks that their organisations are facing, and ultimately enable them to make better and more informed business decisions when it comes to cloud.”
The need for Boards to address the security risks posed by the cloud if they are to meet more stringent security regulations like GDPR is laid bare in the Q4 2016 Global Cloud Adoption and Risk Report (CARR) from Skyhigh Networks.
Its analysis of cloud usage data from 30 million cloud users worldwide shows that 69.7% of cloud services do not specify whether the customer keeps ownership of uploaded data; just 8.7% commit not to share data with third parties; and only 16% delete data immediately after contract termination.
Commenting on these and other findings, Skyhigh’s chief European spokesperson Nigel Hawthorn said: “With companies now accessing an average of 1,427 cloud services and generating more than 2.7 billion cloud transactions per month, cloud security cannot be ignored. It’s concerning that so many cloud service providers do not specify who owns data after upload and so few commit to not sharing it with third parties, as both could potentially see data falling into the wrong hands. Businesses must also remember that it’s not just employees that pose a risk. On average, companies are sharing data with 864 partners and they must ensure that all of them hold the same attitude to security.”