Archived website

This online community was active in conjunction with the Digital Agenda Assembly 2012 and is now archived and available for institutional memory. You can now join the discussion at https://ec.europa.eu/digital-agenda/en/community

Are SMBs gaining significant IT security benefits from using the cloud?

LE ROUX's picture
Submitted by LE ROUX on Mon, 2012-05-21 14:50

A recent Microsoft Study ( http://www.microsoft.com/en-us/news/Press/2012/May12/05-14SMBSecuritySur... ) shows that 35 percent of U.S. SMBs surveyed have experienced noticeably higher levels of security since moving to the cloud. In addition, 32 percent say they spend less time worrying about the threat of cyberattacks. U.S. SMBs using the cloud also spend 32 percent less time each week managing security than companies not using the cloud. They are also five times more likely to have reduced what they spend on managing security as a percentage of overall IT budget.

In Europe, is security in the cloud perceived as better than the security on-premise?

Group audience: 
Interesting!
2 users have voted.

Comments

Engberg's picture
Submitted by Engberg on Mon, 2012-05-21 16:29

Cloud has no security

This is unusable statistics delivered by providers as emtpy claims. Just because the attackers havent yet moved bigscale to cloud does not mean cloud is secure - it is not.

And this is further not incorporating the internal fraud - such as Google abusing data cloud.

The question is wrong - all perimeter security is failling also "on-premise" - as US Military recently told the US Senate. Cloud will just fail much faster and much bigger as risks are scaled exponentially.

When moving to cloud, you neet to restructure application security entirely - eventually this also goes for "on-premisis".

Interesting!
0 users have voted.

LE ROUX's picture
Submitted by LE ROUX on Mon, 2012-05-21 16:44

In a press release published November 20th 2009, the Executive Director of ENISA, Dr Udo Helmbrecht see some advantages as he said: “The scale and flexibility of cloud computing gives the providers a security edge. For example, providers can instantly call on extra defensive resources like filtering and re-routing. They can also roll out new security patches more efficiently and keep more comprehensive evidence for diagnostics.”

Interesting!
0 users have voted.

aserocarmela's picture
Submitted by aserocarmela on Mon, 2012-05-21 23:04

Thanks to Yves Le Roux for giving us this interesting perspective. True, security is widely perceived as an issue concerning cloud. Nevertheless, level of security found on the cloud is often higher than the one achieved by SMBs' with their limited IT systems.

Interesting!
0 users have voted.

Alemadi's picture
Submitted by Alemadi on Tue, 2012-05-22 15:59

I totaly agree with Mr. Engberg that these statistics is done by vendors just to cover them selves and make more money. Cloud never been more secure and it will not be because it is on the internet and anything in the internet is not save from the teenagers hackers between 16 and 25 years old.

Interesting!
0 users have voted.

LE ROUX's picture
Submitted by LE ROUX on Tue, 2012-05-22 16:51

Are you using Internet?
If you think that "anything in the internet is not safe from the teenagers hackers between 16 and 25 years old", why do you take the risk to use it?

Interesting!
0 users have voted.

Engberg's picture
Submitted by Engberg on Sun, 2012-05-27 13:28

What is your argument?

That because cars can kill you driving 20 km/h in a home server and 50 km/hr at some local hosting service provider - it is the same as driving 250 km/h against the traffic at one of a oligopoly of cloud service providers refusing to incorporate security in order to create lock-in effects and access to your data?

When moving from slow speeds to highway traffic, we chenge technical requirements and we SPLIT traffic to prevent disasters. When we move to airplanes security requirements are raised significantly higher.

This does not eliminate risk, but technical security has to be proportional with risks. Putting identified data about people in cloud is simply disportionate comared to the risk created because nobody and nothing can secure data to any satisfactory level in cloud.

Notice here - that I am NOT saying we cannot use cloud (e.g. lik saying noto nuclears power), I am saying that in order to use cloud, we need to entiure the controls rests with those at risk - e.g. citizens need to have control over their data through purpose-specific identity and companies need to have control over their external relationships (using the same principle of avouding reuse of identifiers, keys and related data).

Still - the idea that e.g. EU put anyuthing resembling basic policy making, companies putting anything resembling critical corporate knowhow or any security operating with keys in cloud are simply iresponsible behaviour. But the critical aspect is if you are putting OTHERs in danger and if you have any real chance of knowing what kind of danges, your are exposed to.

For citizens this is clearly not the case, so therefore the present ban on personl data in cloud should not only remain, but be strongly improved through technological enforcement as it is circumvented for e.g. commercial and behavioural profilering drastically eroding european competitiveness and geopolitical stability by shifting power over strategic ressources.

Europe cannot survive consumers and companies being profiled from an increasingly more aggressive and data-abusing commercial infrastructure. In this also should be considered the fact that these providers have NO way to proctet the same data from criminal intruders or government demand of access.

We are talking about taking indutriual and society espionage to new levels beyond any acceptable level.

And lets not kid ourselves here - no law or agreement can protect these data after control has been transferred - there only one way for sustainable use of cloud - ensure control of critical data is NEVER placed in cloud.

The problem is not the technology - I can have a cloud at home or the company can have an intra-corporate cloud, but they can only have perimeter security which is rapidly eroding. Even at home when some device have assess to use data, you should encrypt all data in cloud and ensure revocation and recoverability WHEN, not if, intruders penetrate the security perimeter.

Interesting!
0 users have voted.

LE ROUX's picture
Submitted by LE ROUX on Tue, 2012-05-22 17:05

At the World Economic Forum in Davos, Switzerland, Nelly Kroes, who is in charge of the Digital Agenda, said: “Cloud Computing will change our economy. It can bring significant productivity benefits to all, right through to the smallest companies, and also to individuals. It promises scalable, secure services for greater efficiency, greater flexibility, and lower cost,” she said.

Interesting!
0 users have voted.

Engberg's picture
Submitted by Engberg on Sun, 2012-05-27 13:09

It only proves that Neelie Kroes lack competent advisors to caution her against corporate lobbyism wanting to abuse the state to profit at the expense of everybody else.

Cloud has its use, but it is oversold and especially the risk of massive shift of power FROM sitizens and business to corporate infrastrcuture is seriously underestimated.

Cloud is not different from e.g. Nuclear power (I am in favour of this) where we have to have serious security mechanisms in effect to protect us from the dangers and harm.

For cloud - there are several critical requirements as the potential flexibility and scalability value comes at the expense of security and control - you MOVE services into a space that you cannot control and nobody can secure.

The two most imporatant are assurance of free choice (to shift provider without lock-in) and empowering security (to protect against secondary abuse of data).

For instance using Salesforce.com (which is not a choice of the consumer) - the only way to protect the market from the insecurity and concentration of data power through coerporate and consumer profiling is to ensure that the citizen do not have to use the same identity for two different transactions services in Salesforce.com, i.e. so this system (and its owners and everybody else who can more or less legitimaty access the data) CANNOT recognice and link these two instances of the same consumer.

Considering Google, Facebook and some of the other making a business model out of system secondary use of data and control of market making in conflict with Single market principles, these critical requirements are essential for markets to work.

Interesting!
0 users have voted.

aserocarmela's picture
Submitted by aserocarmela on Tue, 2012-05-22 19:57

However, Neelie Kroes also reminded us that:
"many still hesitate before the Cloud. They worry: how do I know what service I am buying? Will my data be protected? Which providers can I trust? If I don't like what I am getting, can I switch providers easily? Or, if I really don't like what I'm getting, can I easily enforce the contract through legal action?
All these issues – standards, certification, data protection, interoperability, lock-in, legal certainty and others – are particularly troublesome for smaller companies. They are the ones who stand to benefit the most from the Cloud – but who don't have a lot of spending power, nor resources for individual negotiations with Cloud suppliers.
Where these barriers exist, I am determined to overcome them."

And that's why we are here offering an open platform to discuss such issues, identify challenges and overcoming barriers. And thanks a lot for your contributions. Keep up the good work in providing us with interesting food for thought.

Interesting!
2 users have voted.

Engberg's picture
Submitted by Engberg on Sun, 2012-05-27 13:33

Neelie Kroes can overcome these barriers, but eIdentification is non-compatible with cloud - so her actions are not in line with statements.

I am not critisicing Mrs. Kroes as I am sure she personally depend on advisors - but she is dangerously poorly adviced.

Europe risk repeating the disaster on Biometric passports - which some may still dream is a good thing because the scale of the problem has not hit yet.

Interesting!
1 user has voted.

People

competencesmarocaines.org's picture
fhardes's picture
fredriklinden's picture
keneastwood's picture
Nicholas Bentley's picture
JacintaArcadia's picture
Loankanassy's picture
Kasper Peters's picture
Kristijan Jakic's picture
lpujol's picture
Digital Agenda Assembly engagement
glqxz9283 sfy39587stf02 mnesdcuix8
glqxz9283 sfy39587stf03 mnesdcuix8
glqxz9283 sfy39587stf04 mnesdcuix8