If you factor in the leaks regarding the National Security Agencies tactics for intercepting cloud data as well as the celebrity photo leaks that are being blamed on the cloud, it’s easy to see how cloud security is the number one concern for CIOs and CTOs looking streamline existing business processes. You would think that the recent bad press surrounding cloud service security would spook IT decision makers however research shows that this simply isn’t the case.
BT conducted a study that queried business technology executives in over 10 countries. Despite the fear mongering of the tech media, executives seem to be quite comfortable with the idea of inviting cloud into their environments; that is, if you examine their actions and not their words. The BT study gives us somewhat conflicting sentiments about cloud. While nearly 3 out of 4 surveyed selected that they were extremely anxious in regards to the security offered alongside cloud services, 79% of business leaders located in the United States and 7 out of 10 located internationally mention that they are actively incorporating cloud services into their business processes.
In relation to cloud security, the study says, “For more than half (54 percent in U.S. and globally) of IT decision makers, trusting a third party is also a concern. In the US, 40 percent (41 percent globally) of respondents have the impression that all cloud services are inherently insecure and 22 percent (26 percent globally) of those surveyed said that they had experienced a data breach incident where their cloud service provider was the party at fault.”
One of the biggest concerns in cloud is the vulnerabilities surrounding hypervisors. Theoretically, an intruder could simply gain access to your data by hacking another company that resides within the same cloud. Once the intruder has broken outside of the hypervisor, all bets are off.
ZDnet interviewed Matt Joyce of the OpenStack project. In relation to hypervisor attacks, Joyce admitted, “There is no guaranteed way to address this risk today.” Without a way to address such a risk, it can be easy to see why executives can be spooked about putting sensitive data within any cloud infrastructure despite the assurances that cloud service providers offer.