Enterprise cloud security practices are improving (slightly), but there remains a long way to go, according to a new report.
Only around 50 percent of IT leaders surveyed in a new report said they are confident they are aware of all of the cloud services in use within their organization, a roughly 5 percent improvement since 2010.
For Mike Denning, general manager of Security at CA Technologies, enterprises can -- and need to -- do much better.
“While cloud computing is still one of the most disruptive and promising trends of the past decade, our study shows that cloud security struggles to get past a grade of 50 percent when it comes to best practices, including the percentage of organizations that say they engage their security teams in determining the use of cloud services,” said Denning in a press statement. “We believe that organizations can do better and gain the benefits of cloud computing by reducing risk and achieving that desired balance of protection and business enablement.”
The survey, Security of Cloud Computing Users 2013, was issued by the Ponemon Institute at the request of CA Technologies. It was last commissioned in 2010. This roughly two-year gap provides an interesting look at the evolution of industry cloud security practices.
From a security standpoint, not proactively assessing these solutions prior to deployment remains an alarming trend. Only 51 percent of polled IT leaders said that they evaluate their Software-as-a-Service (SaaS) applications before use (up from 45 percent in 2010), while nearly 35 percent said they didn't evaluate their SaaS applications at all prior to deployment, according to the survey.
The same can be said for outsourcing security, where Infrastructure-as-a-Service (IaaS) solutions have grown in use to 45 percent (up 10 percent from 2010). Despite the increase in utilization, many -- as they are with SaaS -- are surprisingly hands-off when it comes to security. Only 49 percent of respondents said their organization evaluates these IaaS products prior to use (compared to 46 percent in 2010), while 21 percent said the responsibility for security remains in the hands of the end user.
This hands-off approach places an inordinate amount of responsibility on the end user.
For SaaS applications, 36 percent of respondents said that the provider was responsible for security, while 31 percent said the onus falls on the end user. On the IaaS front, 22 percent said responsibility was within the purview of the provider, while 21 percent it was the users issue.
Overall, positive responses to all survey queries hovered around the 50% mark, a sure sign that as cloud computing continues its rapid evolution, there is much to be done to satisfy the needs of the security community.
“Confidence in and best practices for the security of cloud computing is improving but not as significantly as one might have expected since our 2010 study,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in the release. “Our latest study offers organizations new data that should spark them to examine their own internal practices which could result in improvements in how they adopt and secure cloud services and applications.”
The study surveyed 748 IT and IT security practitioners on the state of their company's cloud practices.
- About Corero
- Investor Relations
- News Room
- Executive Management Team
- Corero Offices
- Contact Us