See our Outsourcing Provider Directory here

CyberSecurity Professionals and Compliance Officers at Odds Over Cloud Security

Enterprise IT and compliance groups agree on one thing for certain: their cloud environments could use some work on the security front.

Less than half of the 1,018 IT security practitioners and enterprise compliance officers surveyed by the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, believe their organizations have adequate technologies to secure their infrastructure-as-a-service (IaaS) environments (35 percent of IT practitioners and 42 percent of compliance officers).

Beyond that, the two groups differed wildly on issues of IaaS security—from whether the cloud is as secure as on-premise data centers to who is responsible for cloud data security to what security measures should be put in place to prevent unauthorized access to data.

Just one-third of IT security practitioners said that cloud infrastructure environments are as secure as their own on-site data centers, while half of compliance officers rated IaaS as secure as on-premise infrastructure. There was  also significant disagreement about whether their organizations had sufficient processes in place to enable the secure use of cloud infrastructure. Only 34 percent of IT respondents believed that there were sufficient procedures in place, while 52 percent of compliance respondents were satisfied with their security policies.

Both groups thought encryption was important to protect against unauthorized data access, although they differed on who they were trying to keep out of the systems.  IT practitioners said encrypting data to make it unreadable by cloud service providers was the most important IaaS security measure to take, while compliance officers said encryption should be used to prevent IT administrators from accessing data they do not need to perform their jobs. Yet, according to the study, few cloud vendors offer encryption to their customers. Only 31 percent of respondents said their organization’s major cloud providers use encryption to protect data from insider threats. The majority of respondents were more likely to employ firewalls, anti- virus and anti-malware software, and identity and access management technologies to protect sensitive or confidential information exposed to the cloud.

On the subject of vendor due diligence, 59 percent of IT respondents say that security was either a low priority or not considered at all when evaluating IaaS providers, while 56 percent of compliance officers said it was a very high or high priority.

As for who is in charge of cloud security, the greatest number of compliance officers (21 percent) said that they are responsible for defining security requirements in the cloud, while the greatest number of IT security respondents (22 percent) believed business unit leaders are responsible for defining security requirements in the cloud. Both groups did agree, however, that business unit leaders are responsible for enforcing cloud security and no single person or group maintains responsibility for the actual implementation of security measures.

That, says Ponemon Institute chairman and founder Larry Ponemon, gets to the heart of the matter: ownership for security in the cloud is dispersed throughout organizations, further clouding the security issues surrounding as-a-service offerings. As a result, enterprise-wide cloud security strategies are difficult to implement.

And while IT and compliance haggle over security strategies, tactics, and ownership, internal audit groups are sitting on the sidelines. More than half of respondents said their organization’s internal audit review does not provide any feedback on the security of cloud infrastructures.

Security concerns do not seem to be slowing down cloud adoption, however. More than half (56 percent) of IT practitioners surveyed stated that security concerns would not prevent their organizations from implementing cloud services. Companies were most likely to store unstructured data, such as emails, files, and documents, in IaaS environments, according to the study. In addition, cloud services accounted for approximately 20 percent of the IT budget of those responding to the survey, and their cloud budgets are expected to increase approximately 31 percent in the next one to two years.

Not surprisingly, however, the two groups quarreled over the real benefits of cloud computing initiatives. IT respondents cited business agility, speed to roll out new services, and fewer personnel and management requirements as their biggest cloud drivers. Compliance respondents said cloud adoption lowered operating costs, improved compliance, and provided better quality infrastructure.

 

Get 3 Free Quotes Logo

  • Save 70%
  • Unrivaled expertise
  • Verified leading firms
  • Transparent, safe, secure

Get Started

Small Teams Call Logo

Start your Outsourcing Journey in 15 seconds.

Get Started

Enterprise & Large
Teams Call
Logo

Explore with an Enterprise Expert

  • Independent
  • Trusted
  • Transparent
Outsourcing

Dive into “Outsourcing”

A Guide to … Selecting the Correct Business Unit … Negotiating the Contract … Maintaining Control of the Process

Order now

Outsourcing Articles

Start your
outsourcing
journey here

"*" indicates required fields

Start your outsourcing journey.

Book a call with an outsourcing expert now

This field is for validation purposes and should be left unchanged.

"*" indicates required fields

This guide will walk you through some areas most important when outsourcing, such as
  • Identifying Your Outsourcing Needs Intelligently
  • Research & Selection
  • The Bidding Process
  • Contracts & Agreements
  • Implementation & Onboarding
  • Ongoing Management
  • Evaluating Success
  • Additional Resources

Book a call with an outsourcing expert now

This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Become an OC Partner
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Media Inquiries for OC
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Subscribe to our Newsletter
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Submit Press Release
Accepted file types: pdf, doc, docx, Max. file size: 8 MB.
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Submit an Article
Accepted file types: pdf, doc, docx, Max. file size: 8 MB.
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Request Ben Trowbridge as a Keynote Speaker
This field is for validation purposes and should be left unchanged.

Go to standard quote

Exclusive Enterprise Assistance

  • Independent
  • Trusted
  • Transparent

Offshore staffing solutions for enterprise. Independent expertise, advice & implementation

  • 200+ Firms, Global Reach
  • Offshore, Nearshore, Onshore, Rightshore
  • Managed Request for Proposal (RFP)
  • Assisted Procurement Processes
  • Vendor Management
  • Unique Build Operate Transfer model
  • Captive & Shared Services
  • Champion-Challenger
  • Multi-site, multi-vendor, multi-source
  • Managed Solutions

For Enterprise and large teams only

  • Book 20-minute consult, obligation free

You will get:

  • Needs Analysis & Report
  • Salary Guidance & Indicative Pricing
  • Process Map

Only takes 1 minute to complete the form

Get Started

Not an enterprise?

Go to standard quote