Business Cloud News
Recently published research reveals enterprise IT pros are struggling with cloud security, and intend to spend more in 2014 on technology and training to address it

Recently published research reveals enterprise IT pros are struggling with cloud security, and intend to spend more in 2014 on technology and training to address it

Research published this week by enterprise IT incumbent Dell reveal significant increases in IT spending on security solutions as traditional workplaces to transform into cloud-focused BYOD cultures. And while a slew of SaaS-focused cloud security solutions seem to be hitting the market at record pace, for most CIOs, technology can only do so much.

The massive increase in malware over the past few years coupled with the onset of bring your own device culture is beginning to cause serious headaches (and knee-jerk responses) in enterprise IT outfits.

Dell, which commissioned independent tech specialist Vanson Bourne to interview 1440 IT pros globally, said that its most recent research showed nearly 90 per cent of IT pros plan to prioritise security spending this year and nearly one fifth of IT budgets will go directly towards IT security services.

Three quarters of interviewees said they planned on increasing spending on IT security this year, with 58 per cent of those interviewees planning to shell out more for cloud security.

But over 40 per cent of the surveyed group claim to lack confidence in cloud security solutions currently on the market today. And nearly half ranked increased use of cloud as a top security concern in the next five years; only 22 per cent said moving data to the cloud was a top security concern today.

“Traditional security solutions can defend against malware and known vulnerabilities, but are generally ineffective in this new era of stealthy, unknown threats from both outside and inside the organisation,” said Matt Medeiros, vice president and general manager, Dell Security Products.

“These threats evade detection, bypass security controls, and wreak havoc on an organization’s network, applications, and data, but despite these dangers, our study found, among those surveyed, organizations are just not prepared,” Medeiros said.

What would you consider the main inhibitor to cloud adoption in your organisation?

View Results

Loading ... Loading ...

“We believe a new security approach is needed ─ one that’s embedded in the fabric of software, governing access to every application and protecting every device, both inside and outside a corporate network,” he added.

But protecting every device has become increasingly difficult as enterprises embrace BYOD policies to support more flexible styles of working.

The multitudes of mobile-focused cloud security startups exiting stealth mode as of late are touting solutions that move beyond traditional app containerisation (XenMobile, FiberLink, AirWatch, etc.) and the like to tend to the task.

Recently unveiled companies like Elastica and Apprity tap into the dark arts of the data sciences and use complex machine-learning algorithms to assess the risk attached to how applications are used on personal and company-issued devices in the workplace, in addition to allowing users to implement policy-based access of course.

Other mobile device management apps like Bitglass aim to avoid the traditional profile-based MDM tactics at the heart of many an offering by essentially creating mini-proxies for cloud applications that can earmark data as it passes through them, promising IT administrators the ability to manage and delete said data. A novel approach to say the least.

But while most vendors will (at least attempt to) lead you to believe the solution lies in the technology alone, most CIOs are unconvinced.

Of the proportion of the interviewees that said they plan to increase spending on IT security, 68 per cent said they planned to spend more money on employee education and training around security. This little titbit, perhaps unsurprisingly, was scarcely mentioned in the report despite taking up the largest share of stated future resource allocation.

There is no consensus on this among IT pros, however. With enterprise adoption of cloud services steadily gaining momentum many including the British Government have called on the IT sector to retrain professionals on cloud platforms, both in terms of using and supporting them. But according to recently published research from Databarracks over half (54 per cent) of UK IT pros have not received any new training on these platforms in the previous twelve months and 53 per cent don’t plan to in the next.

“We want to leverage BYOD because the reality is many people have their own device and can leverage it, but the challenge, is how do you ensure you’re protecting the corporate data?”, Chris Moore, chief information officer of the City of Edmonton in Alberta, Canada told Business Cloud News.

“There are tools for the devices that we provide, but the key question is, how do you manage it on the devices you don’t provide? I don’t think anyone really has this figured out very well,” he said.

Moore, who is currently penning a report on how to support the City of Edmonton’s IT strategy to support flexible working, explained that the City wants to ensure protection without being too rigid. He said the social and behavioural elements are perhaps the most challenging, and most important aspects of securing the cloud in an age of flexible working and BYOD.

“It’s a pretty narrow avenue to navigate, but it’s not just about technology, it’s about ensuring people have solid understanding of etiquette. If people treated technology the way they treat their dwelling, things would be different: when you leave the house in the morning you lock the door, you don’t leave it unlocked because you think it will be more convenient,” he said.

“There’s things you can put in place with technology to manage, control and augment that, but we will never stop ensuring that people are also aware and taking their responsibility as steward of corporate data seriously.”