Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Cloud Services Not Properly Evaluated for Security, IT Managers Unaware of All Cloud Services in Their Enterprise

Cloud Security Study: IT Unaware of All Cloud Services Used in Their Enterprise; Less Than Half of are Properly Evaluated for Security

Cloud Security Study: IT Unaware of All Cloud Services Used in Their Enterprise; Less Than Half of are Properly Evaluated for Security

Cloud computing is proving to be an important trend in information technology globally. The benefits for business and IT include cost reduction, increased productivity, and scalability. Unfortunately, many organizations are migrating to the cloud without ensuring the data they put in the cloud is secure.

CA, Inc. (NASDAQ: CA) and the Ponemon Institute, today announced the results of a recent study analyzing the security concerns of IT professionals surrounding the utilization of cloud services within their organization.Ponemon Institute, CA, Inc.

The study, entitled “Security of Cloud Computing Users,” showed that over half of U.S. organizations are adopting cloud services, but only 47 percent of respondents say that cloud services are properly evaluated for security prior to deployment. Additionally, more than 50 percent of respondents in the U.S. say they are unaware of all the cloud services currently in use in within their enterprise.

Some key discoveries showed substantial concern across industries in maintaining security for mission critical data and business processes in the cloud. IT practitioners noted that a variety of data sets were still too risky to move to the cloud:

  • 68 percent thought that cloud computing was too risky to store financial information and intellectual property;
  • 55 percent did not want to store health records in the cloud; and
  • 43 percent were not in favor of storing credit card information in the cloud.

Additional key findings from the study included:

  • Less than 30 percent of respondents were confident they could control privileged user access to sensitive data in the cloud.
  • Only 14 percent of respondents believe cloud computing would actually improve their organization’s security posture.
  • Just 38 percent of respondents agreed that their organization had identified information deemed too sensitive to be stored in the cloud.

The results demonstrate that IT managers need to take a full inventory of their organization’s cloud computing resources, closely evaluate cloud providers, and properly assess the risks with putting customer and company data in the cloud. IT managers also need to implement policies around what data is appropriate for cloud use and evaluate deployments before they are made.

“Organizations need to ensure the cloud – whether you’re talking about applications, platforms or infrastructure – is secure before they use it. The study results indicate that organizations are approaching cloud security differently than they do enterprise security and not applying the same best practices and policies they use for the enterprise,” said Lina Liberti, vice president of product marketing, CA Security.

While cloud computing services can offer cost savings and efficiencies to many organizations, evaluating and implementing the security practices may offset some of the benefits, diminishing one of the main reasons for choosing the cloud. Despite such concerns, the data suggests that many organizations will pay a premium to cloud providers that prove to be secure.

“Organizations need to extend their security policies to accommodate the cloud and should look for security transparency from their providers.” “Organizations put themselves at risk if they fail to evaluate cloud services for security and don’t have a view of what cloud services are in use throughout the business,” said Dave Hansen, corporate senior vice president and general manager for CA’s Security business unit. “All parties – IT, the end user, and management – should be involved in the decision making process, and need to build guidance around cloud computing adoption to help their organizations more securely deploy cloud services.”

The Security of Cloud Computing Users study sampled 642 IT and IT security practitioners in the U.S. with an average of 12 years experience in the field. The study was conducted during the month of March, and included both technicians and managers in a wide range of industries.

Advertisement. Scroll to continue reading.

The table below reports five attributes concerning respondents’ views about the security of cloud computing within their organizations.

Security of Cloud Computing Study

In the coming months, CA, Inc. and The Ponemon Institute plan to release the results of second study focused on cloud computing providers located in the United States and Europe.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.