Many consumers don’t realize they’re entrusting sensitive data to a third party, and businesses should take notice. In a recent cloud security survey conducted by Clutch, 32 percent of respondents said they don’t use or access information in the cloud, despite being frequent users of some of today’s prominent cloud storage offerings, including Dropbox, iCloud and Box. With businesses ramping up mobile workforces and outfitting employees with mobile devices, this is worrying, and mobile security must become a priority.
Cloud Confusion Reigns
The Clutch survey shows that cloud users aren’t educated about what is and is not cloud, and even how the cloud is accessed: 55 percent of respondents said that they’re knowledgeable about cloud technology, but 22 percent answered that they either don’t use cloud or are unsure if they’re using the cloud. According to the survey, the confusion stems from widespread misinformation about cloud in the media. Consumers have been bombarded by confusing message about cloud, resulting in a “buzzword” that covers a range of scenarios and meanings.
“From private cloud, managed private cloud, to in-house and public cloud, there are many different technologies which can be referred to as cloud, but are very general,” said Alexander Martin-Bale, director of Cloud and Data Platforms at adaware. He points out that users tend to think in terms of the application being used, rather than the technology behind it. “Anything being hosted somewhere other than on the device itself is cloud-based. The reality is that knowing exactly when you’re using it, even for a technical professional, is not always simple.”
This knowledge gap has implications for both cloud and mobile security, owing to the widespread use of mobile devices that access cloud applications.
Mobile Security Implications
More than half (52 percent) of respondents that do store or use information in the cloud said they are taking additional security steps when accessing cloud services, such as two-factor authentication or encryption. However, 37 percent stated that they’re not taking any additional steps, and just 19 percent of respondents believe that they’re responsible for cloud security. Forty-two percent believe the cloud provider should take some level of responsibility, and 30 percent stated that the cloud provider has full responsibility for security.
While cloud environments can provide high levels of security, experts point out that no cloud provider can protect anyone 100 percent. Gartner predicts that through 2020, 95 percent of enterprise cloud security incidents will be the fault of users. “It’s paramount,” Martin-Bale says, “for users to understand that they can’t offload liability by inherently trusting cloud providers. It’s true that most providers employ many resources for making sure that the service is kept kosher, so to speak, but, at the end of the day, it’s the user’s responsibility to ensure that the data they have on the cloud is safe enough.”
In the workplace, it’s up to businesses to ensure that employees are using secure mobile devices to access the cloud and receiving education and training for personal and professional cloud use.
Are there gaps in your mobile security strategy? Learn more about how a mobile security assessment can analyze your risks.