Adaware’s Alexander Martin-Bale Provides Expert Analysis on Recent Clutch Cloud Survey
by Riley Panko, Special to the Stay Aware blog
Alexander Martin-Bale, Director of Cloud and Data Platforms at adaware, recently sat down with Clutch, a leading B2B research firm, to discuss their 2017 Consumer Cloud Security Survey.
Clutch surveyed 1,001 users of cloud-based applications across America to determine knowledge of and habits regarding the cloud. Martin-Bale provided insightful commentary into the data, which reveals significant gaps in awareness of cloud technology.
Knowledge Gaps
Nearly one-third of respondents to the survey did not know that they use the cloud. Despite indicating that they use at least one of several popular cloud-based applications (i.e. Google Drive, Dropbox, etc.), 32% of respondents subsequently answered “No” to the question, “Do you use or access information in the cloud?”
Martin-Bale discussed the confusing nature of cloud technology. “From private cloud, managed private cloud, to in-house and public cloud, there are many different technologies which can be referred to as cloud, but are very general,” he explained. “Anything being hosted somewhere other than on the device itself is cloud-based. The reality is that knowing exactly when you're using it, even for a technical professional, is not always simple.”
Given the increasing ubiquity of the cloud, this may happen more and more in the future. Martin-Bale mentioned the fact that companies intentionally streamline the design of their cloud-based apps, to increase usability. While this is beneficial for the user, it also has the unintentional consequence of further removing the technological process of cloud computing from a user’s awareness. “Using a local app versus using a cloud-backed one is not very transparent to many people,” he said.
The Burden of Responsibility
The Clutch survey also found that the largest percentage of respondents (42%) believe that the responsibility for cloud security falls equally on the cloud provider and user.
Martin-Bale disagreed with this point, saying that a user’s behavior rules supreme when it comes to cloud security.
“It's paramount for users to understand that they can't offload liability by inherently trusting cloud providers,” he said. “It's true that most providers employ many resources for making sure that the service is kept kosher, so to speak, but, at the end of the day, it's the user's responsibility to ensure that the data they have on the cloud is safe enough.”
Martin-Bale touted the benefits of user awareness when it comes to cloud security. “We've seen a definite improvement in this regard over the last couple of years, after seeing some paramount leaks on the iCloud and other predominant providers,” he explained. “Users have been realizing that this is actually a threat, and, even if a company is a household brand, they're still not invulnerable.”
So, What's Next?
Martin-Bale offered the following prediction in regards to the future of cloud security. He suggested that, though user awareness has increased, there are still huge knowledge gaps that need to be protected against:
“More people will adopt the cloud, as there is an increase in fast connections and smart devices. It's inevitable and is happening every day. As this happens, there will also be an increase in security vulnerabilities, and I think we can find that the number of users employing additional security on top of the cloud service is very slim. Having more cloud providers with a provably-secure system, one in which even they don't have access to the data being stored, would be a good move.”
When offering advice, he also mentioned the importance of knowing when extra layers of security, such as two-factor authentication and additional encryption, are needed. “Personally and professionally, I believe that there are things which shouldn't be on the cloud, even with the built-in securities available,” said Martin-Bale. “This can include passwords, certificate keys, credentials and anything which can provide access to something else, or anything which can be described as an open breach.”
You can read the full report on Clutch’s website here.