This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

1 in 3 businesses swerve cloud due to government snooping

Share this article:

A new report released today claims that the rising level of government surveillance is now driving a third of organisations away from using cloud computing.

Microsoft boosts Internet encryption and transparency
Microsoft boosts Internet encryption and transparency

According to Lieberman Software's report, the bulk of these `cloud defectors' are opting to store their data in local data centre resources, rather than the cloud, thanks in part to Edward Snowden's revelations on the NSA and GCHQ over the last 10 months. 

Interestingly, the Privileged Identity Management specialist says that - in its 2012 analysis on the same subject - distrust in cloud computing was even higher. And whilst trust in the cloud has risen by 15 per cent over the last year or so, the government surveillance reports in the news have caused trust levels to take a dive again. 

Philip Lieberman, the firm's president, said that when his company undertook its survey in November of 2012, 86 per cent of respondents preferred to keep their more sensitive data within their own network, rather than the cloud. 

Delving into the report reveals that the presence of automated hacking tools means that even a small number of improperly secured resources are certain to give hackers free reign on the network – and access to customers' private data – within minutes of an incursion. 

"Cloud service providers face enormous market pressures to deliver high service availability and consistent data security at an absolute minimum cost," says the report, adding that - until now - privileged accounts and other file-based secrets have proven difficult to secure within large-scale, dynamic cloud service provider networks using human intervention and first-generation software tools. 

"As a result, improperly secured privileged accounts provide an easily exploited attack surface for hackers and malicious insiders. For example, a 2012 Verizon survey of larger organisations that suffered data breaches revealed that 84 per cent of records were stolen as a result of compromised credentials," the analysis notes. 

Commenting on the report, Phil Robins, a director with fellow security vendor Encode UK, said that organisations should be less worried about the NSA and more worried about disreputable nation states - and criminal gangs - extracting data from their networks. 

"The question is: do organisations believe that their own cyber-security is superior to those deployed by cloud providers? The majority of organisations don't even know they have been attacked. In every simulated APT attack run on behalf of our clients we've never been discovered," he explained. 

Berta Papp, managing director with Tempest Security Intelligence, pointed out that it is often amazing - to her, at least - how obscure the issue of the cloud is to companies she encounters. 

The problem, she says, is that there is a general misperception as to what the cloud really is, even though the risk surface of most businesses is increasing significantly because of the influx of portable devices within organisations. 

"Everyone needs to understand that the cloud security landscape has changed," she said, adding that risk assessment is always the first step in reviewing whether a moved to a cloud resource is secure enough for a given business. 

Simon Mendoza, CTO with private cloud provider MDSL, agreed with the Lieberman Software report's observations.

"We've definitely seen a few changes in the cloud adoption model over the last few years. We started back in 2003, but have recently seen customers putting a lot more effort into the vetting of their suppliers, often asking for ISO 27001 certification from them," he said, adding that these requests were the driving force behind MDSL's decision to seek accreditation under the ISO scheme three and a half years ago.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

NCA wants security pros to become cybercrime fighters

NCA wants security pros to become cybercrime fighters

The UK's National Crime Agency is on the hunt for cyber security professionals to "join the fight against some of the world's most significant cyber criminals" on salaries ranging from ...

GCHQ head says agency was 'never involved in mass surveillance'

GCHQ head says agency was 'never involved in ...

Sir Iain Lobban says GCHQ staff "are normal decent human beings who watch EastEnders and Spooks".

Apple Mac OS criticised for sending search results to third parties

Apple Mac OS criticised for sending search results ...

Apple is under pressure to make changes to the Spotlight feature on the new Mac OS X Yosemite 10.10, which tracks location and sends data back to the firm and ...