Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

IT is getting cloud storage security all wrong

Andy Patrizio | March 18, 2016
Two recent reports confirm that your greatest security threat is your users, not outside hackers.

A pair of research reports on cloud storage behaviors reiterates what has been an enduring and entirely unnecessary reality about data storage: The greatest threat to your store is not outside hackers, it's your own staff. 

The first comes from survey conducted by Ipswitch File Transfer, a maker of secure file transfer and data monitoring software. It asked 555 IT professionals across the globe about their file sharing habits and found that while 76 percent of IT professionals say it is important to be able to securely transfer files, 61 percent use unsecured file-sharing clouds. 

It also found 32 percent of IT professionals don’t have a file transfer policy in place, 25 percent plan to establish one, and another 25 percent said their company has a file transfer policy, but the enforcement is inconsistent. 

Twenty-one percent reported they might have had a data breach in the past but they were not entirely sure, while 38 percent said their processes to identify and mitigate risks are inefficient. 

Another survey by document management and digital imaging firm Crown Records Management and Censuswide, released on Clean Out Your Computer Day (February 8), found that 55 percent of IT decision makers in companies with more than 200 employees do not have a policy in place for email data retention, 58 percent do not audit their paper-based data regularly, 60 percent don’t practice regular reviews of files stored in the cloud or on-premises, and 64 percent do not filter what goes into the cloud. 

Topping it all off, 76 percent don’t have a system helping them to differentiate between data which must and should not be retained. 

"What this points out is something that's been around a long time, and cloud storage is just the latest place it shows up. People are running full out and often don’t take the time and do discovery and inventory to make sure things are more in order to adhering to the policies," says Jean Bozman, vice president and principal analyst of Hurwitz & Associates. 

We live in the now so we're just trying to do the best we can now, she added. "But having looked at disaster recovery and high availability, it's very important to take that pause, whether it’s over a holiday weekend of whatever and just document what you have," she adds. 

Paul Castiglione, senior product marketing manager of Ipswitch, says a lot of cloud file sharing services are adding security features to cover for bad behavior, which is increasingly necessary. 

"If we were all perfect individuals, there wouldn't be errors. But stats also show that in companies with data loss, one-third of the incidents was due to human error, one-third to process and network errors and one-third to malicious activity. So two-thirds of data loss is stuff I can control inside my network. Sure, I want to train my employees so they don’t make dumb mistakes but also provide the technology to make it impossible for them to make a mistake," Castiglione says. 

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.