Employees must buy into the company policy for better cloud security

One of the biggest threats to cloud security isn't necessarily outsider threats or even malicious insiders: It's employees who aren't aware of and/or following the rules. Forbes reported that CEB, an advisory company, found 60 percent of firms have suffered a serious data breach that they weren't initially aware of. Even if they have a solid data security policy in place, CEB said 93 percent of employees have violated one of the organization's policies and don't even realize it.



"Policies need to be set quite close to the ground," said CEB's Jeremy Bergsman. "That means empowering people for day to day work. A lot of the best companies are re-writing security policies in a way that gets out of the mindset of 'things you can't do' and instead are made with a mindset of providing guidance for good decision making."


Bergsman said policies are written in a way that isn't reflective of the way work gets done, thus employees work around the policies instead of with them. This is made worse by the fact that working at home and working at the office is becoming a blurred line among younger workers. Forbes said a recent survey by Cisco found 40 percent of workers were aware that their company's policy did not allow personal use of the internet and 70 percent violated that policy.


While none of this may seem like a big deal to many, Forbes said most types of cyber infections and malware are likely to come from what many may think is harmless use of web services. Especially with online ads on legitimate websites now more likely to contain malware, people must be extremely careful with how they navigate the Internet. Cisco's John Stewart said that most people don't know where work starts and home begins in many instances, so companies need to educate and train users for best practices of using the web at work. Standards and policies must be made clear to employees to help understand what is acceptable on their end.


Business News Daily said the best cloud computing standards will let employees interact with data in many diverse and unique ways while also being secure. Eric Knudson, a representative of technology services company Touchbase, told the website that security and access are usually at odds with one another, so it will be up to the provider and business to figure out a way that these can work together in a way that makes sense for all parties involved.


"Encryption, versioning and audit or e-discovery capabilities tend to be afterthoughts," Knudson said, "But if you're considering cloud storage for your business, these should be important considerations. They may be the primary considerations, in fact."