Latest news
Conflicting views on cloud security responsibility
Posted on 05 March 2013.
CA and the Ponemon Institute released a study that shows companies have improved their practices around cloud computing security compared to a previous study from 2010.
Still, the responses raise questions and concerns about organizations’ use of security best practices and their awareness of cloud services used within their organizations. It also confirms there are conflicting views on who is most responsible for cloud security.
Comparing the two studies reveals that organizations today are more confident in the security of cloud computing and have put in place better security practices around cloud use.
Still, affirmative responses were only around half (50 percent) for questions involving cloud security best practices, confidence in cloud services and knowledge of the cloud services in use within an organization.
“While cloud computing is still one of the most disruptive and promising trends of the past decade, our study shows that cloud security struggles to get past a grade of 50 percent when it comes to best practices, including the percentage of organizations that say they engage their security teams in determining the use of cloud services,” said Mike Denning, general manager, Security, CA Technologies. “We believe that organizations can do better and gain the benefits of cloud computing by reducing risk and achieving that desired balance of protection and business enablement.”
The study provided several key insights:
Cloud confidence and best practices are improving but further progress can be made. Positive survey responses only hovered around half (50 percent) for any given question around cloud security best practices, such as vetting services for security risk, engaging the security team in determining cloud service use and assessing how a cloud service could impact data security. In addition, while this statistic improved by five percent from the 2010 survey, only 50 percent of organizations are confident they know all the cloud services in use within their organization.
Responsibility for cloud security is mixed with a bias toward end users and IT Security getting a pass. The survey shows a concerning lack of agreement remains regarding who has responsibility for cloud security. While some organizations expect their cloud services providers to ensure the security of SaaS and IaaS applications (36 percent and 22 percent, respectively), a significant amount of the responsibility is assigned to companies’ end-users (31 percent for SaaS; 21 percent for IaaS), and very little responsibility was assigned to IT Security (eight percent for SaaS and 10 percent for IaaS). This relinquishment of responsibility points to a lack of clarity around ownership, which may lead to gaps in security processes and governance.
Users prefer hybrid identity and access management (IAM) security solutions. Sixty-four percent of survey respondents would prefer a hybrid IAM implementation that supports both on-premise and cloud-based applications.
“Confidence in and best practices for the security of cloud computing is improving but not as significantly as one might have expected since our 2010 study,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Our latest study offers organizations new data that should spark them to examine their own internal practices which could result in improvements in how they adopt and secure cloud services and applications.”
Still, the responses raise questions and concerns about organizations’ use of security best practices and their awareness of cloud services used within their organizations. It also confirms there are conflicting views on who is most responsible for cloud security.
Comparing the two studies reveals that organizations today are more confident in the security of cloud computing and have put in place better security practices around cloud use.
Still, affirmative responses were only around half (50 percent) for questions involving cloud security best practices, confidence in cloud services and knowledge of the cloud services in use within an organization.
“While cloud computing is still one of the most disruptive and promising trends of the past decade, our study shows that cloud security struggles to get past a grade of 50 percent when it comes to best practices, including the percentage of organizations that say they engage their security teams in determining the use of cloud services,” said Mike Denning, general manager, Security, CA Technologies. “We believe that organizations can do better and gain the benefits of cloud computing by reducing risk and achieving that desired balance of protection and business enablement.”
The study provided several key insights:
Cloud confidence and best practices are improving but further progress can be made. Positive survey responses only hovered around half (50 percent) for any given question around cloud security best practices, such as vetting services for security risk, engaging the security team in determining cloud service use and assessing how a cloud service could impact data security. In addition, while this statistic improved by five percent from the 2010 survey, only 50 percent of organizations are confident they know all the cloud services in use within their organization.
Responsibility for cloud security is mixed with a bias toward end users and IT Security getting a pass. The survey shows a concerning lack of agreement remains regarding who has responsibility for cloud security. While some organizations expect their cloud services providers to ensure the security of SaaS and IaaS applications (36 percent and 22 percent, respectively), a significant amount of the responsibility is assigned to companies’ end-users (31 percent for SaaS; 21 percent for IaaS), and very little responsibility was assigned to IT Security (eight percent for SaaS and 10 percent for IaaS). This relinquishment of responsibility points to a lack of clarity around ownership, which may lead to gaps in security processes and governance.
Users prefer hybrid identity and access management (IAM) security solutions. Sixty-four percent of survey respondents would prefer a hybrid IAM implementation that supports both on-premise and cloud-based applications.
“Confidence in and best practices for the security of cloud computing is improving but not as significantly as one might have expected since our 2010 study,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Our latest study offers organizations new data that should spark them to examine their own internal practices which could result in improvements in how they adopt and secure cloud services and applications.”
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
