1 in 3 businesses swerve cloud due to government snooping

News by Steve Gold

A new report released today claims that the rising level of government surveillance is now driving a third of organisations away from using cloud computing.

According to Lieberman Software's report, the bulk of these `cloud defectors' are opting to store their data in local data centre resources, rather than the cloud, thanks in part to Edward Snowden's revelations on the NSA and GCHQ over the last 10 months. 

Interestingly, the Privileged Identity Management specialist says that - in its 2012 analysis on the same subject - distrust in cloud computing was even higher. And whilst trust in the cloud has risen by 15 per cent over the last year or so, the government surveillance reports in the news have caused trust levels to take a dive again. 

Philip Lieberman, the firm's president, said that when his company undertook its survey in November of 2012, 86 per cent of respondents preferred to keep their more sensitive data within their own network, rather than the cloud. 

Delving into the report reveals that the presence of automated hacking tools means that even a small number of improperly secured resources are certain to give hackers free reign on the network – and access to customers' private data – within minutes of an incursion. 

"Cloud service providers face enormous market pressures to deliver high service availability and consistent data security at an absolute minimum cost," says the report, adding that - until now - privileged accounts and other file-based secrets have proven difficult to secure within large-scale, dynamic cloud service provider networks using human intervention and first-generation software tools. 

"As a result, improperly secured privileged accounts provide an easily exploited attack surface for hackers and malicious insiders. For example, a 2012 Verizon survey of larger organisations that suffered data breaches revealed that 84 per cent of records were stolen as a result of compromised credentials," the analysis notes. 

Commenting on the report, Phil Robins, a director with fellow security vendor Encode UK, said that organisations should be less worried about the NSA and more worried about disreputable nation states - and criminal gangs - extracting data from their networks. 

"The question is: do organisations believe that their own cyber-security is superior to those deployed by cloud providers? The majority of organisations don't even know they have been attacked. In every simulated APT attack run on behalf of our clients we've never been discovered," he explained. 

Berta Papp, managing director with Tempest Security Intelligence, pointed out that it is often amazing - to her, at least - how obscure the issue of the cloud is to companies she encounters. 

The problem, she says, is that there is a general misperception as to what the cloud really is, even though the risk surface of most businesses is increasing significantly because of the influx of portable devices within organisations. 

"Everyone needs to understand that the cloud security landscape has changed," she said, adding that risk assessment is always the first step in reviewing whether a moved to a cloud resource is secure enough for a given business. 

Simon Mendoza, CTO with private cloud provider MDSL, agreed with the Lieberman Software report's observations.

"We've definitely seen a few changes in the cloud adoption model over the last few years. We started back in 2003, but have recently seen customers putting a lot more effort into the vetting of their suppliers, often asking for ISO 27001 certification from them," he said, adding that these requests were the driving force behind MDSL's decision to seek accreditation under the ISO scheme three and a half years ago.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews