IT Security and Compliance Offers Disagree on Cloud Usage
While increasing numbers of companies are taking their business to the cloud, new research suggests there are some differences of opinion when it comes to assigning responsibility for that jump and ensuring the move is a safe one.
Conducted by the Ponemon Institute, the survey of 1,000 IT security professionals and enterprise compliance officers revealed that the two groups sharply disagree on who is responsible for cloud data security, what security measures should be used and whether the cloud is as secure as on-premise datacenters.
According to the study, only one third of IT security professionals believe cloud infrastructure environments are as secure as on-premise data centers. Compliance officers have a more favorable view, with half of those surveyed believing cloud environments are secure options.
IT security professionals and compliance offers also differ on who in the business is responsible for determining how cloud services should be secured. According to the survey, most compliance officers said they are the ones who should be defining the cloud's security requirements, but the majority of IT security specialists think this responsibility belongs to the business' leaders.
The groups did agree that the responsibility of enforcing what security measures there are in place should fall on the shoulders of those in charge of the company.
Those surveyed also shared a general lack of confidence that their companies have the tools to secure their cloud environment. Overall, less than half of those surveyed believe their organizations have the technology necessary to do so.
"While we were surprised by the different attitudes towards cloud security among IT practitioners and compliance officers, the findings did reveal that security in the cloud is a concern for both groups," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a prepared release. "What is most troubling is the fact that while respondents feel they lack adequate technologies to secure their (cloud infrastructure) environments, ownership for security in the cloud is dispersed throughout the organization."
Their concerns aren't preventing them from moving to the cloud, the survey showed.
More than half of the surveyed IT professionals said their security fears wouldn't keep their organizations from adopting cloud-based servicesin the first place
Additionally, the IT budgets dedicated to cloud-related services of those surveyed is expected to increase by more than 10 percent in the next two years.
The report, "Data Security in the Cloud: Survey of U.S. IT Operations, IT Security and Compliance Practitioners," was sponsored by Vormetric, a provider of enterprise systems encryption services.