Blog

Privacy Professionals Should Share the Wealth
August 16, 2010
I guest-blogged for anti-ID theft crusader John Sileo’s web site this week and thought I’d re-post here for readers of the Ponemon. Permalink

Legislating Social Privacy
July 30, 2010
There’s a great deal of talk these days about privacy and social media. Specifically, services like Google, Facebook, Twitter, and other popular social networking platforms are coming under increased scrutiny over their privacy policies and data sharing practices. Permalink

When Privileged Access is no longer a Privilege
July 19, 2010
I just read an interesting multi-part investigative report in the Washington Post about how intelligence gathering – and the bureaucracy that has risen since September 11, 2001 to facilitate the harvest and analysis of that information – has spun beyond the federal government’s control, not to mention its ability to make use of the sheer abundance of information. Permalink

Home » Blog » Dr. Ponemon's blog » Think Before you Cloud »

RSS Feed

Think Before you Cloud

May 13, 2010

A few years ago, when wireless networking was still relatively new, there were numerous reports of enterprising employees who, frustrated with the pace of new technology integration in their workplace, took it upon themselves to deploy rogue access points – often hidden behind furniture or above drop-down ceiling panels – in order to provide convenient mobility around the office.

Problem was these clandestine devices, while providing a benefit to the user, were not industrial strength and lacked the necessary security features to ensure the integrity of network and data security. Access to corporate networks and data was not only convenient for those aware of the jerry-rigged system, but for anyone snooping for a signal.

The measured pace of adoption was not because IT departments were ignorant of the advantages of wireless networking, but because IT departments knew the risks involved and needed to take a strategic approach to integration; they needed to make sure the introduction of new technology would not be at odds with security.

We see this same scenario play out every time there is a significant innovation in technology that has clear upside potential for business: adoption runs ahead of evaluation. Today, it’s happening with cloud computing as our recent study, made possible through the generous support of our friends at CA, reveals. For example:

· Only 47 percent of the 642 IT and IT security practitioners we surveyed said their organizations were being evaluated for security before deployment; and,

· Just over half of those we surveyed said they were unaware of all the cloud computing applications being used by their organizations.

We are well aware of the advantages companies can derive from cloud computing, but we cannot endorse the adoption of any new product or technology without adequate evaluation. Information security and data privacy are at greater risk anytime these assets are stored with a third-party. Policies must be developed, used, and enforced to ensure all cloud computing applications meet an organization’s standard for security and are in keeping with both departmental and corporate strategic goals.

Are you aware of what cloud applications your organization has adopted?

Posted by Dr. Larry Ponemon at 9:02 am

Add Comment (1 comments)

Tags:

Comments

June 11, 2010 1:34pm Mark Johnson

So what's the answer? A closer relationship between the IT Department, with their need for more efficient methods of doing their jobs, and the Security Group, tasked with protecting those IT guys from themselves. A better understanding between these two groups would provide a multi-discipline approach to all IT activities without the feared "braking" effect on the fast-paced adoption of new technologies.