Backup and Storage

Cloud security risks ‘can be minimised with 6-step plan’

Cloud-based encryption is effective, but should not be viewed as a silver bullet.

Gartner has highlighted six security issues which firms will need to address to get the most out of their cloud services.

Many companies in the UK and across the world are now looking at the cloud to help add an extra layer of protection in their everyday operations via simple processes such as document storage or disaster recover, but in order to do so, they must be prepared, insists the research giant.

While these services come with an encryption safeguard as standard, they should not be viewed as the "silver bullet", according to Gartner.

Analysts told companies and organisations looking to adopt cloud services to first develop their own data security plan, which addresses the six security issues: Breach notification and data residency, data management at rest, data protection in motion, encryption key management, access controls and long-term resiliency of the encryption system.

Without this basic ground work a firm could end up losing a lot of the benefits that the cloud can bring, adding cost and complexity to the adoption without addressing the fundamental issues of data privacy and long-term security and resiliency.

Furthermore, Gartner said that poorly implemented encryption systems can do more harm than good and may even interfere with the normal functioning of some cloud-based services.

Security and privacy are still cited by a large number of organisations as the main reason that they are not switching to the cloud.

This has led to the introduction of cloud encryption systems in the past 18 months and a separate piece of Gartner research found that the explosion is set to continue.

The expected compound annual growth rate of software as a service from 2011 to 2016 is 19.5 per cent, platform as a service 27.7 per cent, infrastructure as a service 41.3 per cent and security services spending  22 per cent.