Replacing all instances of the word "cloud" with "somebody else's computer" might make organisations stop and think about the security implications of cloud computing.
That's according to computer security expert Graham Cluley. He believes the "trendy" use of the word "cloud" has been responsible for a certain carelessness by organisations as they ship their data off to cloud providers without properly considering how sensitive data could be vulnerable if stored this way, especially if it isn't encrypted.
"You need to encrypt your data. Nobody used to use the word cloud - we all used to say "internet" but now it's trendy to say cloud," Cluley told Computing. "I'd like to suggest a new phrase so that every time we say cloud we say 'somebody else's computer'."
Thinking about it in those terms, Cluley argued, would logically lead to IT professionals thinking a little harder about where and how they store data, especially if it is of a sensitive nature.
"Suddenly, if you say I'm going to put my sensitive data on somebody else's computer, you get a bit more concerned and think maybe I should be more careful about that, maybe I should encrypt it," said Cluley.
Computing web seminar, Closing the IT security risk management gap: 3 ways to connect IT & the board. Speaking as part of a panel discussion, he argued that if cyber security is taken seriously at board level, the philosophy will trickle down through the rest of an organisation, ultimately making it more secure against cyber threats.
"It's important the board believes in securing the organisation because more junior staff will see them," he said.
"Making sure those staff behave within the rules and understanding the benefits of doing so is something that's going to be trickled down through the organisation. It doesn't just have to be spoken, it has to be lived," Cluley added.
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy