Chief information officers everywhere are rethinking their strategies regarding both the cloud and internal network security, in light of recent attacks launched by Flame, a new chunk of malware wreaking havoc on systems throughout the Middle East and Europe.
While recent measures to cut expenses by migrating systems to the cloud has given companies plenty of opportunity, it's also left open some vulnerabilities exploited by the Flame virus. Since most cloud providers leave security generally in the hands of those who use the services, businesses don't commonly put particularly sensitive data in the cloud's hands.
This is widely regarded as a significant plus for businesses in terms of security, but given the nature of the Flame virus, it may not be enough.
Most agree that putting sensitive data in cloud storage is a bad idea, but many suggest it’s only the beginning of proper security measures in the face of Flame, and in general. Observers suggest some information should actually be taken offline altogether, including those most sensitive items like patents, strategic plans or geographically sensitive information like the locations of certain resources the company needs to survive.
It's also been suggested that CIOs in particular should take extra care when buying software, considering it from a security standpoint, with a special eye toward potential "back doors" included in the software itself – a common measure taken by programmers who may need to alter critical code in the software during development that could come back to haunt the buyers down the line.
Steven Birgfeld, senior vice president and CIO of Hostess Brands, summed the situation up well, saying that "movement to the cloud will be selective [until a] comfort level that is tenable and sustained" is reached on the part of CIOs everywhere.
This is the best posture to take, really. While the financial benefits of a cloud-based system have been regularly proven, issues of security are just as important. While the Flame virus hasn't yet strayed from Europe and the Middle East, it still bears watching, as viruses move quickly and often strike unexpectedly.
Keeping antivirus systems up to date and ready is a smart move, and offline backups of sensitive information is even more so.
Movement to the cloud should be a selective process. Cloud storage is easy to work with, inexpensive and does great things for remote workers who provide their own cost savings over in-house workers. But security issues associated with the cloud cannot be overlooked, and should therefore be considered carefully in the course of implementing cloud services.