Security vendor highlights cloud data concerns

Enterprises have cited data control and failover as their greatest challenges when computing and storing data in the cloud.

Security vendor Symantec commissioned a telephone survey of 1,700 organisations, including 90 in Australia and 60 in New Zealand for its sixth annual Disaster Recovery Study.

Globally, organisations were found to use the cloud for 47 percent of both their mission-critical and non-mission-critical applications.

Security was the main concern for two-thirds of global respondents, and 94 percent of those in Australia and New Zealand, when computing in the cloud.

Meanwhile, 55 percent of global respondents and 93 percent of those in the region said controlling failovers and making cloud resources highly available was their greatest challenge in the face of a disaster.

"There is a major shift to moving mission-critical applications to the cloud," said Symantec's sales manager Brad Newton, adding that "if you follow the right steps, it shouldn't be an issue".

Communication with cloud providers was key to a successful cloud migration, he said, recommending providers that use encryption and apply security classifications to data up front.

Service providers should also comply with industry regulations and offer service level agreements (SLAs) that comply with organisational standards, he said.

And savvy organisations should also perform independent security audits of potential providers, Newton said, declining to provide details of any such offerings from Symantec.

M86 Security observed more wariness from enterprises that considered the cloud, highlighting opposition from banking regulators such as the Monetary Authority of Singapore.

"We've seen quite a slow uptake of cloud services," M86's Asia Pacific director of sales engineering Jason Pearce told iTnews this week.

"The Monetary Authority of Singapore is very anti-cloud because they can't see any real protection around the storage of data," he explained.

Pearce said companies that used managed service provider offerings - like Google's Gmail or Microsoft's Business Productivity Online Services - were essentially outsourcing the security of their hosted data.

And with cybercriminals typically targeting applications with the most users, he warned that attacks on storage outsourcers would likely become more common.

DR complicated by virtualisation and the cloud

According to Symantec, disaster recovery and backup practices were falling behind due to the complexities of mixed virtualised, cloud, and physical environments.

The survey found between one quarter and one third of all applications to be in virtual environments locally and globally - up from one fifth reported in 2009.

In Australia and New Zealand, backup systems protected only 52 percent of virtualised data. One quarter of data and applications were replicated, and 27 percent were protected by failover technologies.

Fifty-three percent of virtualised servers were not covered in local respondents' disaster recovery plans, Symantec found. Newton said this was likely due to server sprawl and a "lack of tools".

Local organisations experienced an average of six downtime incidents in the past year, a majority of which were due to system upgrades, power outages and failures, cyber-attacks and natural disasters.

Organisations expected two hours' downtime per outage - an improvement from the four hours they expected in 2009.