When Security in the Cloud Gets in the Way of Work

As more companies move to cloud-based services, security in the cloud is becoming a greater concern. How can you make sure your company’s sensitive data is protected while still taking advantage of the convenience the cloud offers?

What is the Cloud?

First, we need to understand exactly what we mean when we talk about the cloud. Confusingly, the term can be used for very different things. People may be referring to the public cloud, to a private cloud, or to a hybrid of public and private.

A public cloud is one that is accessed by multiple users and organizations. With a public cloud, providers offer applications and storage via the internet to the general public. Lower cost is the main advantage of a public cloud. Limitations include security concerns for sensitive data.

A private cloud is accessed by only one organization. While a private cloud can reduce security concerns and offer the opportunity to customize for an organization’s needs, it also involves the additional costs of development.

A hybrid cloud, obviously, is a mix of public and private, allowing organizations to use different solutions for different needs.

To take advantage of cloud services effectively, organizations need to be aware of their needs. For example, companies that deal with health information or financial, or other sensitive data will want to avoid storing that data in a public cloud.

What Issues Do Your Company and Your Employees Face?

One of the greatest difficulties faced by employees is cumbersome security requirements. For example, according to a July 1015 study done by Dell, approximately 85% of users are faced with the need to have and keep track of multiple passwords for the different services they use on the job. Additionally, 82% of users who work remotely reported that they are required to use additional security measures. Ultimately, the study showed that 91% of users feel that their productivity is impacted by the steps they have to take to meet security needs.

The case of multiple passwords is especially worrisome, as employees tend to be focused on completing tasks over meeting security requirements. This can lead to disastrous workarounds, including using the same password for all cases, making a hacker’s job easy, or even writing down passwords and keeping them in poorly secured locations. If you’ve ever written a password on a slip of paper and “hidden” in under your keyboard, you know how easy it is to fall into the habit of workarounds.

However, most companies know that security has to take priority over ease of use. This makes sense, especially when dealing with sensitive customer data. How can companies balance these two competing needs?

What Solutions are Available for These Issues?

One promising approach is known as “context aware” security. This approach involves varying levels of security requirements depending on different factors. For example, a company might require only a standard level for a user whose geographical location is in California, but place additional scrutiny on a user logging in from an Eastern European country. This is a more sophisticated approach than those available in the past, which would either allow all users to log in easily regardless of geographical location, or would subject all users to intense scrutiny regardless of location.

More generally, encouraging IT professionals to move away from a “silo” approach to security will alleviate the need for multiple passwords. In the “silo” approach, new features are added to systems independently of each other, without much thought given to how each addition will interact with old features. In the short term, a quick and easy way to provide security in this environment is to require users to create a new password each time they need to be given access to a new feature. But in the long term, this is costly in terms of encouraging users to get around security with risky workarounds. Taking the time to have a coherent overall plan for adding new features will minimize this risk.