Skip Links

Gartner's state of cloud security: Outages are bigger risk than breaches

Outages by various cloud providers have been more common than security breaches, Gartner says, but few businesses are prepared for them

By , Network World
November 14, 2012 02:52 PM ET

Page 2 of 2

Third-party organizations are working to create standards and certifications for this area, but Heiser says those are still weak at this point. The Cloud Security Alliance, for example, has undertaken broad measures to address a variety of topics, but he questions how in depth those efforts have been at drilling down into specific areas.

RELATED: Amazon opens up about its cloud security practices, joins CSA registry 

FedRAMP is a program by the federal government that seeks to have a common set of security criteria for each provider the federal government uses for cloud computing, but it's in the early stages and may not be operational until 2014, he says. "We're beginning to get glimpse of what we need," Heiser says, but more work is needed to have standard controls, evaluation practices and global consensus. Buyers are in the best position to put pressure on vendors to be as transparent as possible on these issues, he adds.

So what's an enterprise cloud user supposed to do? "Choose your battles over data control," Heiser says. The macro trend is that more data is going to more end-user devices, which makes controlling the data more difficult and creating more vulnerabilities. With a data classification scheme, organizations can prioritize which data needs to be heavily secured. For most organizations that extremely sensitive data will be less than 20% of data, and could be as little as 5% or less. That data should be given "heroic efforts" to protect it - encryption, tokenization, data loss prevention systems or keeping it on site and not in a public cloud. Anti-virus, anti-malware and other security protections and controls should be in place to ensure the rest of data is not egregiously vulnerable. Ultimately, in today's world, the reality is, Hesier says that "most data will have to protect itself."

Network World staff writer Brandon Butler covers cloud computing and social collaboration. He can be reached at and found on Twitter at @BButlerNWW.

Read more about cloud computing in Network World's Cloud Computing section.

Our Commenting Policies
Cloud computing disrupts the vendor landscape


Latest News
rssRss Feed
View more Latest News