Organisations are widely migrating to the cloud to gain competitive advantages around speed, agility and flexibility – in South Africa, nine out of 10 organisations are now involved in cloud computing – but they are having to invest heavily to ensure their security.
This is according to Symantec’s recent Avoiding the Hidden Costs of Cloud 2013 survey, which shows that local enterprises are experiencing escalating costs tied to rogue cloud use, complex backup and recovery, and inefficient cloud storage.
Rogue clouds are defined as business groups implementing public cloud applications that are not managed by, or integrated into, the company’s IT infrastructure.
Industry experts predict several key issues will arise in 2013 focused on the financial pressures and security challenges of cloud computing. Business continuity is seen as an important issue with the increase in cloud outages posing greater risks than security breaches. However, with advance preparation, organisations can build safe, agile and efficient clouds that will enable them to meet their business goals.
“By taking control of cloud deployments, companies can seize advantage of the flexibility and cost savings associated with the cloud, while minimising the data control and security risks linked with rogue cloud use,” says Mark Smissen, business development manager for Symantec.cloud in Africa.
According to the survey, 60% of organisations in South Africa are mindful about meeting compliance requirements in the cloud, while 59% are concerned about being able to prove they have met cloud compliance requirements.
E-discovery is creating additional pressure on businesses to quickly find the right electronic information for legal requests or internal investigation, such as a human resources (HR) case.
According to the survey, one out of every five enterprise businesses in South Africa reported receiving e-discovery requests for cloud data. Of those, more than half (55%) have missed their cloud e-discovery deadlines, and 40% were unable to meet the requirement at all, leading to fines and legal risks.
“With the Protection of Personal Information (PoPI) Act’s implementation coming soon, many CIOs may have to audit existing systems to ensure that the company complies with the new legislation,” adds Smissen.
“The requirements surrounding PoPI are applicable to the complete lifecycle of information across all sectors including the capturing and processing of personal information, as well as the strict security measures that have to be in place to avoid loss, damage or unlawful access of that personal information.
“PoPI will affect virtually all businesses in South Africa, so it’s important that organisations have the necessary systems and processes in place to minimise risk and protect their information.”
According to the survey, rogue cloud deployments are one of the cost pitfalls. It is a surprisingly common problem, found in 80% of enterprise businesses in South Africa within the last year.
Among organisations that reported rogue cloud issues, organisations are experiencing issues such as the exposure of confidential information, account takeover issues, defacement of Web properties, or stolen goods or services. The most commonly cited reasons for undertaking rogue cloud projects were to save time and money.
Cloud is also complicating backup and recovery. First, 64% of South African enterprise organisations use three or more solutions to backup their physical, virtual and cloud data, leading to increased IT inefficiencies, risk and training costs. Furthermore, 39% of these organisations have lost cloud data and most (64%) have experienced recovery failures.
Finally, most see cloud recovery as a slow, tedious process; 34% estimate it would take three or more days to recover from a catastrophic loss of data in the cloud.
One of the key advantages to cloud storage is how simple it is to provision. Sometimes this simplicity leads to inefficient cloud storage. Generally, organisations strive to maintain a storage utilisation rate above 50%.
According to the survey, cloud storage utilisation is very low at a global level, around 17%, which shows that organisations are investing in more storage than is needed ultimately driving up costs. Furthermore, 46% of organisations in South Africa admit that very little, if any of their cloud data, is being deduplicated, further compounding the problem.
Organisations have all sorts of assets in the cloud – such as Web properties, online businesses or Web applications – that require SSL certificates to protect the data in transit whether it is personal or financial information, business transactions and other online interactions.
The survey showed companies found managing many SSL certificates to be highly complex: Just 21% rate cloud SSL certificate management as easy and only 42% are certain their cloud-partner’s certificates are in compliance with corporate standards.
The survey shows that ignoring these hidden costs will have a serious impact on business. However, these issues are easily mitigated with careful planning, implementation and management:
* Focus policies on information and people, not technologies or platforms;
* Educate, monitor and enforce policies;
* Embrace tools that are platform agnostic; and
* Deduplicate data in the cloud.