Hidden costs of cloud: survey fails to reveal the devilish details
It's not straightforward to implement cloud across an organisation, a survey hints at the problems but fails to capture the whole truth
One of the by-products of being ill in the first few weeks of this year as the backlog of stuff to look at as I tried to catch up with the world of cloud. So, I’ve only just looked at the Symantec report Avoiding the Hidden Costs of the Cloud, I wish I’d seen it a bit earlier – there are such interesting revelations in it, they might have acted as a stimulus to my virus-hit body
To my mind, the most staggering revelation was the fact that, over the past 12 months, 23 percent of organisations have been fined for privacy violations in the cloud.
I’m not surprised there have been some violations – there have been plenty of warnings about the danger of storing confidential data in the cloud, but am surprised at the high number – that’s not just one or two companies neglecting their legal responsibilities but a whole tranche of them. And, at a time, when the idea of moving to the cloud is still a relative novelty, what happens when more companies start moving mission-critical data to the cloud? As Symantec points out, this rather goes against the notion that issues such as compliance are not a high priority for organisations.
Over the past 12 months, 23 percent of organisations have been fined for privacy violations in the cloud
The survey also has ammunition for those who think that security in the cloud is too complex. Only 27 percent of respondents find handling SSL certificates to be easy and only 40 percent of organisations believe their cloud provider’s security certificates are rigorous enough to comply with those organisations’ own security standards. Again, a worryingly high percentage.
One of the most impressive aspects of the research is the size of the sample being surveyed. This is not a couple of dozen people attending a trade show being stopped by students with clipboards (as too many surveys are) but consists of a sample of 3,000 from a wide-range of countries. Unfortunately, Symantec has not split the data in a way to assess which countries are having particularly hard time in the cloud.
Symantec also draws attention to other potential headaches: the costs of rogue IT where departments go behind the backs of IT departments to implement their own IT products and services.
One thing that is strange is the lack of financial information: For a survey that focuses on hidden costs – there’s little indication as to what these costs are: are we talking about losses of hundreds of pounds? Thousands? Millions?
The survey doesn’t go into any detail about company politics. After all, it’s not inconceivable that an IT department has warned about the problems of shadow IT. It would be unlikely for a security officer not to warn on certification. A legal counsel would surely have advised on data storage requirements and legal responsibilities – it would be interesting to have fathomed out why companies fell short of what was expected of them.
Full credit to Symantec for looking into some of these issues but what a pity that it didn’t really examine some of the underlying issues that are causing paralysis within organisations –now, that survey might really have jolted me out of my sickbed.