Pining for Failure in the Cloud

Written by

I missed this info-graphic first time around, so thanks to securecloudreview.com for posting a link.  

Like all info-graphics, it makes the process of digesting rather stodgy numbers much more enjoyable. Kind of like a good glass of wine. Or custard, with a jam roly-poly (for those with fond memories of English school dinners.)

I particularly loved this info-graphic, though, because it contains a number of utterly confounding treasures. For example, 26% of companies aren’t prepared to put data covered by regulations such as HIPAA and SOX into the cloud. Wait. So that means that (does quick mental arithmetic, involving fingers and toes) 74% of companies are?
 
Really?
 
I’m a huge fan of cloud computing, and I work both in my day job and as a volunteer with the CSA to help make the cloud safer for all kinds of data – but that took me by surprise.
 
It gets better, though. 85% of organizations are confident in their cloud provider’s ability to provide a secure environment. Secure, I wonder, from what? Alien attack?  Giant comets? I am assuming they don’t mean every day events like hacking and insider fraud, because if 85% of cloud companies can keep that stuff from happening, they need to tell the rest of the world how they did it.
 
Look, rather than spoil the whole thing, I’d suggest you go for a stroll down the list yourself. It’s good stuff, if only because it is a very telling peek into the mind of companies that use the cloud, and their level of trust that the whole thing will come out right in the end.
 
Speaking of the end, the last stat was the best (of course).
 
45% of IT Pros say their biggest cloud security concern is the lack of a perimeter defenses and/or network control.
Ah yes. The good old perimeter. Because, you know, perimeter defenses have worked so well in the past. I understand their point – the cloud takes the idea of perimeter-based defenses and not only shreds them, it sets them on fire and then dumps the ashes somewhere in the middle of the Atlantic. But that should be something we’re learning to live with, not pining for.
 
Perimeter defenses are the poster child for infrastructure-based security thinking. Yes you need them, but they don’t keep everyone out, and they can’t save you at all once the attacker is in. There are a lot of things we need to worry about when it comes to sensitive data in the cloud (I’m talking to you, 74% of folks storing sensitive data in the cloud) but a hankering for an approach that didn’t work the first time you tried it isn’t going to help.

What’s hot on Infosecurity Magazine?