The Snowden Data Security Problem Threatens to Slow Cloud Momentum
The Edward J. Snowden problem threatens to slow the momentum of widespread business adoption of cloud computing solutions. ISVs must take steps to manage the risk this event will discourage enterprise business customers from pursuing cloud alternatives to on premises computing systems.
As recently as no more than a week ago we would not have taken this position. We did some writing for AO Docs, a document management system built around Google Apps, back in February, 2013. The writing assignment gave us an opportunity to review some research on the real cause of data loss in cloud applications. Our review convinced us user errors, across a wide range of procedures required for successful operation of access controls, is the biggest reason for this problem. At the same time, we concluded the SMB and enterprise business markets would find the cost savings of either multi-tenant, or private cloud Software as a Service (SaaS) offers too compelling to resist.
But the Edward J. Snowden problem won’t go away. Businesses and organizations in the public sector may finally start to pull away from cloud offers if something doesn’t happen soon to stop more “Mr. Snowdens” from exploiting the extensive potential for damage presented by a combination of a bad, but nonetheless popular practice of storing confidential information in cloud systems, and lax/poorly designed operational risk controls over how personnel are permitted to interact with data stored in cloud repositories.
Businesses with a serious investment in cloud offers aren’t likely to change anything soon. But their peers, who are only now considering the pros and cons of cloud computing, will likely take a breather until the Snowden problem goes away.
The lesson here? Black swan events (Mr. Snowden’s exploit, for example), accomplished by compromising poorly planned operating controls, have a tremendous potential to disrupt general business conditions. The damage can be very high where unauthorized access to confidential data stored in cloud repositories is the objective behind a successful exploit.
© IMB Enterprises, Inc. & Ira Michael Blonder, 2013 All Rights Reserved