Photo - Dave Elliott, Senior Product Marketing Manager, Global Cloud Marketing, Symantec.
Though 99 percent of Malaysian organisations are considering migrating to the cloud for competitive advantages, 95 percent have seen rogue cloud deployments, according to security solutions firm Symantec's latest study.
Called 'Avoiding the Hidden Costs of Cloud 2013 Survey Global Results 2013,' 47 percent of Malaysian organisations suffered exposure of confidential information, said Symantec Malaysia's director, systems engineering, Nigel Tan.
Tan said though the number of organisations (99 percent) discussing cloud computing solutions is up from 70 percent from about a year ago, many of these enterprises and small and medium businesses (SMBs) are experiencing unexpected escalating costs tied to rogue cloud use, complex backup and recovery processes, and inefficient cloud storage solutions.
"Rogue clouds are defined as business groups implementing public cloud applications that are not managed by or integrated into the company's IT infrastructure," he said, adding that industry experts have predicted several challenges that will arise in 2013.
He said these financial and security issues arising from cloud computing include business continuity as outages often pose significant risks compared with security breaches.
"An outage may impact businesses and pose important concerns around data loss prevention, backup, time spent on data recovery and the associated costs," said Tan. "However, with advance preparation, organisations can build safe, agile and efficient clouds that will enable them to meet their business goals."
"A majority of businesses in Malaysia are at least discussing cloud as the benefits in improving agility and reducing costs are clear," he said. "However, in a rush to implement cloud, there are a host of hidden costs unwary organisations may face. The hidden costs of cloud implementation can negate the benefits if not properly contained."
Symantec's 2013 Cloud Survey is a result of research conducted by ReRez in September-October 2012. The full study represents 3,236 organisations from 29 countries, including 150 organisations in Malaysia. Responses came from companies with a range of five to more than 5,000 employees. Of those responses, 1,358 came from SMBs and 1,878 came from enterprises.
Surprisingly common problems
Tan said the Malaysia findings showed that rogue cloud deployments were "a surprisingly common problem and found in 95 percent of businesses in Malaysia within the last year. It also seems to be an issue experienced more by enterprises, due to their larger company size, than SMBs."
In addition to the 47 percent who reported the exposure of confidential information, Tan said that 40 percent or more faced defacement of Web properties, stolen goods or services, and account takeover issues. "The most commonly cited reasons for undertaking rogue cloud projects were to save time and money."
Tan said that cloud computing was complicating backup and recovery. "First, 59 percent of organisations in Malaysia use three or more solutions to backup their physical, virtual and cloud data-leading to increased IT inefficiencies, risk and training costs. Furthermore, almost half (47 percent) percent of organisations in Malaysia have lost cloud data, and most (83 percent) have experienced recovery failures."
"Most see cloud recovery as a slow, tedious process. Only about one fourth (27 percent) of organisations in Malaysia rate this as fast and 22 percent estimate it would take three or more days to recover from a catastrophic loss of data in the cloud," he said.
"One of the key advantages to cloud storage is how simple it is to provision," said Tan, adding that such simplicity often led to inefficient cloud storage practices. "Generally, organisations strive to maintain a storage utilisation rate above 50 percent. According to the survey, cloud storage utilisation globally is surprisingly low at 17 percent. There is a tremendous difference in this area between enterprises globally (which are utilising 26 percent of their storage) and SMBs (which is a shockingly low seven percent). Furthermore, within Malaysia, just over half admit very little, if any, of their cloud data is deduplicated, further compounding the problem."
He said that 64 percent of organisations in Malaysia expressed concerned about meeting compliance requirements in the cloud, and a slightly larger number (71 percent) are concerned about being able to prove they have met cloud compliance requirements. "This concern about information in the cloud is well founded, as 39 percent of organisations have been fined for cloud privacy violations."
"eDiscovery is creating additional pressure on businesses to quickly find the right information," said Tan. "About half (51 percent) of businesses in Malaysia reported receiving eDiscovery requests for cloud data. Of those, almost two-thirds (61 percent) have missed their cloud discovery deadlines, leading to fines and legal risks."
He added that the Malaysia findings of the survey showed companies found managing many SSL (secure sockets layer) certificates to be highly complex with just 33 percent that rated cloud SSL certificate management as easy and only 48 percent were certain about the corporate compliancy of their cloud-partner's certificates.
Foresight and planning
"By taking control of cloud deployments through foresight and planning, companies in Malaysia can seize advantage of the flexibility and cost savings associated with the cloud, while minimising the data control and security risks linked with rogue cloud use," Tan said.
"Wherever companies go with clouds, we will provide the protection and control they need across public and private cloud environments," said Dave Elliott, Symantec's senior product marketing manager for Global Cloud. "Symantec's vision is for safe, agile and efficient clouds. In five years, companies will operate in a converged IT world of cloud, virtualisation and mobile computing where clouds are safe. IT organisations will have better visibility, control and compliance across their private and public clouds."
"To achieve this safe clouds environment, the IT industry needs to enforce rigorous cloud strategies around the protection of policy, information, people and infrastructures," said Elliott. "Symantec's comprehensive portfolio provides companies of all sizes a variety of cloud solutions to address their specific needs and current IT environments."
He said the survey showed that ignoring these hidden costs would have a serious impact on business. These issues could be mitigated with planning, implementation and management:
- Focus policies on information and people, not technologies or platforms
- Educate, monitor and enforce policies
- Embrace tools that are platform agnostic
- Deduplicate data in the cloud
Photo - Nigel Tan, Director, Systems Engineering, Symantec Malaysia.
Sign up for CIO Asia eNewsletters.