CyberSecurity Professionals and Compliance Officers at Odds Over Cloud Security

Enterprise IT and compliance groups agree on one thing for certain: their cloud environments could use some work on the security front.

Fewer than half of the 1,018 IT security practitioners and enterprise compliance officers surveyed by the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, believe their organizations have adequate technologies to secure their infrastructure-as-a-service (IaaS) environments (35 percent of IT practitioners and 42 percent of compliance officers).

Beyond that, the two groups differed wildly on issues of IaaS security—from whether the cloud is as secure as on-premise data centers to who is responsible for cloud data security to what security measures should be put in place to prevent unauthorized access to data.

Just one-third of IT security practitioners said that cloud infrastructure environments are as secure as their own on-site data centers, while half of compliance officers rated IaaS as secure as on-premise infrastructure. There was also significant disagreement about whether their organizations had sufficient processes in place to enable the secure use of cloud infrastructure. Only 34 percent of IT respondents believed that there were sufficient procedures in place, while 52 percent of compliance respondents were satisfied with their security policies.

Both groups thought encryption was important to protect against unauthorized data access, although they differed on who they were trying to keep out of the systems. IT practitioners said encrypting data to make it unreadable by cloud service providers was the most important IaaS security measure to take, while compliance officers said encryption should be used to prevent IT administrators from accessing data they do not need to perform their jobs. Yet, according to the study, few cloud vendors offer encryption to their customers. Only 31 percent of respondents said their organization’s major cloud providers use encryption to protect data from insider threats. The majority of respondents were more likely to employ firewalls, anti-virus and anti-malware software, and identity and access management technologies to protect sensitive or confidential information exposed to the cloud.

On the subject of vendor due diligence, 59 percent of IT respondents said that security was either a low priority or not considered at all when evaluating IaaS providers, while 56 percent of compliance officers said it was a very high or high priority.

As for who is in charge of cloud security, the greatest number of compliance officers (21 percent) said that they are responsible for defining security requirements in the cloud, while the greatest number of IT security respondents (22 percent) believed business unit leaders are responsible for defining security requirements in the cloud. Both groups did agree, however, that business unit leaders are responsible for enforcing cloud security and no single person or group maintains responsibility for the actual implementation of security measures.

That, says Ponemon Institute chairman and founder Larry Ponemon, gets to the heart of the matter: ownership for security in the cloud is dispersed throughout organizations, further clouding the security issues surrounding as-a-service offerings. As a result, enterprise-wide cloud security strategies are difficult to implement.

And while IT and compliance haggle over security strategies, tactics, and ownership, internal audit groups are sitting on the sidelines. More than half of respondents said their organization’s internal audit review does not provide any feedback on the security of cloud infrastructures.

Security concerns do not seem to be slowing down cloud adoption, however. More than half (56 percent) of IT practitioners surveyed stated that security concerns would not prevent their organizations from implementing cloud services. Companies were most likely to store unstructured data, such as emails, files, and documents, in IaaS environments, according to the study. In addition, cloud services accounted for approximately 20 percent of the IT budget of those responding to the survey, and their cloud budgets are expected to increase approximately 31 percent in the next one to two years.

Not surprisingly, however, the two groups quarreled over the real benefits of cloud computing initiatives. IT respondents cited business agility, speed to roll out new services, and fewer personnel and management requirements as their biggest cloud drivers. Compliance respondents said cloud adoption lowered operating costs, improved compliance, and provided better quality infrastructure.

 

Outsourcing Center, Staff Writer
