02 May 2012

Cloud Providers Need to Step Up Security, Report Shows

Cloud providers need to enhance data security measures, including educating their customers about best practices in the field, according to cloud-based solutions researcher CenterBeam.

Security tests found that some cloud providers were not securely separating virtual servers located on shared hard disks, said CenterBeam. This breach could be easily exploited by hackers, allowing them to access customer information and possibly gain control of other servers.

“The vulnerability was exploitable due to the way new virtual servers are created,” the report said. “The test showed a lack of properly implemented security measures caused the vulnerability.”

According to The 2012 Information Security Breaches Survey (ISBS), a bigger problem appears when companies simply put their information in the hands of third parties with little or no scrutiny. The survey showed that 34 percent of small businesses were allowing personal mobile devices to attach to networks, without proper Bring Your Own Device policies.

Also, 73 percent of businesses use at least one outsourced service over the Internet, but only 38 percent ensure that data held by external providers is encrypted.

Sometimes, the Cloud Industry Forum argued, encryption is not the best security solution available. Firewalls, VPNs and access control cost less and may be more efficient.