New Study: Cloud Survey of U.S. IT Operations, IT Security and Compliance Practitioners

A new cloud security study by the Ponemon Institute has just been released. Ponemon Institute’s report, “Data Security in the Cloud Survey of U.S. IT Operations, IT Security and Compliance Practitioners,” surveyed the executives online over a three-week period ending in October 2011. “While we were surprised by the different attitudes towards cloud security among IT practitioners and compliance officers, the findings did reveal that security in the cloud is a concern for both groups, especially in IaaS environments,” says Larry Ponemon, chairman and founder of the Ponemon Institute.

The study brings to light the following issues that CIO’s face when moving to the cloud:

  • There is a big difference of opinion between compliance executives and IT security executives when it come to cloud security readiness. Compliance executives appear to be more optimistic.
  • Over 50% of compliance executives and IT security executives feel their organizations internal audit review does not provide feedback on security of cloud infrastructure.
  • Only 31% of all respondents say their organizations major cloud providers use encryption to protect data from insider threats.
  • 56% of IT practitioners say that security concerns will not keep their organizations from adopting cloud services.
  • Many organizations have implemented identity access management to prevent unlawful access.

The good. It appears that organizations are starting to address the new cloud landscape and acknowledging the security issues they face. Also, many companies have implemented strong authentication (two factor authentication) for identity access management.

The bad. Majority of cloud providers not encrypting their clients data.

The ugly. How could anyone consider moving any of their corporate data to the cloud despite their security concerns. Completely irresponsible. Do they not understand the short and long term effects of a data breach and how in an instance it can destroy a company and its brand? I certainly would not want to be shareholder of one of those companies.

You can read the entire article here.