Cloud's Data Security Troubles More Policy Than Technology

For the better part of 2012, cloud service providers had to combat the misconception that their digital underpinnings were somehow inherently less secure than on-premise offerings. A healthy dose of reason has been brought to these debates in recent months, however, and companies are starting to see that the cloud's data security stumbles often have more to do with user policy than vendor technology.

Data security lost in the shadows
The principles of proper data protection may be second nature to IT professionals at this point, but establishing and enforcing corresponding employee usage policies continues to present challenges. Most notably, the pace of mass market innovation has empowered everyday workers with the ability to circumvent the CIO and procure the tools of the choice. This can be seen in businesses all across the world as iPads make their way into the office and Dropbox makes its way onto corporate computers.

While this convenience does bring important productivity benefits that cannot be dismissed, too often it seems data security best practices are slipping through the cracks left by broken communication loops. Common employees may not have the knowledge and skills to deploy and maintain data encryption software on their own, and if they're working behind the IT department's back, the help desk won't be there to rescue them - and their data - from trouble.

This is not a phenomenon reserved for entry-level hires either. In some cases, traces of shadow IT can be found all the way up into the boardroom. In any case, it's a trend that cannot be ignored and must be addressed if companies hope to satisfy data security goals.

Facilitating secure data exchange
First and foremost, IT teams should recognize that scolding employees for their cloud usage habits may only serve to drive activity further underground. Instead, managers should promote an honest discussion of how employees are hoping to use technology and what safeguards should be in place.

Familiar practices and programs like identity and access management and data encryption software still have a large part to play in securing activity in cloud-based environment, and employees should be educated and accountable for their compliance with best practices.

But at the same time, IT administrators will want to have one eye on the future to make sure they're positioned to handle new development. According to Network World, a fresh wave of native cloud security tools are expected to hit shelves in the next few years, and a clear market perspective could be essential to satisfying security goals.