Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Cloud Services Not Properly Evaluated for Security, IT Managers Unaware of All Cloud Services in Their Enterprise

Cloud Security Study: IT Unaware of All Cloud Services Used in Their Enterprise; Less Than Half of are Properly Evaluated for Security

Cloud Security Study: IT Unaware of All Cloud Services Used in Their Enterprise; Less Than Half of are Properly Evaluated for Security

Cloud computing is proving to be an important trend in information technology globally. The benefits for business and IT include cost reduction, increased productivity, and scalability. Unfortunately, many organizations are migrating to the cloud without ensuring the data they put in the cloud is secure.

CA, Inc. (NASDAQ: CA) and the Ponemon Institute, today announced the results of a recent study analyzing the security concerns of IT professionals surrounding the utilization of cloud services within their organization.Ponemon Institute, CA, Inc.

The study, entitled “Security of Cloud Computing Users,” showed that over half of U.S. organizations are adopting cloud services, but only 47 percent of respondents say that cloud services are properly evaluated for security prior to deployment. Additionally, more than 50 percent of respondents in the U.S. say they are unaware of all the cloud services currently in use in within their enterprise.

Some key discoveries showed substantial concern across industries in maintaining security for mission critical data and business processes in the cloud. IT practitioners noted that a variety of data sets were still too risky to move to the cloud:

  • 68 percent thought that cloud computing was too risky to store financial information and intellectual property;
  • 55 percent did not want to store health records in the cloud; and
  • 43 percent were not in favor of storing credit card information in the cloud.

Additional key findings from the study included:

  • Less than 30 percent of respondents were confident they could control privileged user access to sensitive data in the cloud.
  • Only 14 percent of respondents believe cloud computing would actually improve their organization’s security posture.
  • Just 38 percent of respondents agreed that their organization had identified information deemed too sensitive to be stored in the cloud.

The results demonstrate that IT managers need to take a full inventory of their organization’s cloud computing resources, closely evaluate cloud providers, and properly assess the risks with putting customer and company data in the cloud. IT managers also need to implement policies around what data is appropriate for cloud use and evaluate deployments before they are made.

“Organizations need to ensure the cloud – whether you’re talking about applications, platforms or infrastructure – is secure before they use it. The study results indicate that organizations are approaching cloud security differently than they do enterprise security and not applying the same best practices and policies they use for the enterprise,” said Lina Liberti, vice president of product marketing, CA Security.

While cloud computing services can offer cost savings and efficiencies to many organizations, evaluating and implementing the security practices may offset some of the benefits, diminishing one of the main reasons for choosing the cloud. Despite such concerns, the data suggests that many organizations will pay a premium to cloud providers that prove to be secure.

“Organizations need to extend their security policies to accommodate the cloud and should look for security transparency from their providers.” “Organizations put themselves at risk if they fail to evaluate cloud services for security and don’t have a view of what cloud services are in use throughout the business,” said Dave Hansen, corporate senior vice president and general manager for CA’s Security business unit. “All parties – IT, the end user, and management – should be involved in the decision making process, and need to build guidance around cloud computing adoption to help their organizations more securely deploy cloud services.”

The Security of Cloud Computing Users study sampled 642 IT and IT security practitioners in the U.S. with an average of 12 years experience in the field. The study was conducted during the month of March, and included both technicians and managers in a wide range of industries.

The table below reports five attributes concerning respondents’ views about the security of cloud computing within their organizations.

Security of Cloud Computing Study

In the coming months, CA, Inc. and The Ponemon Institute plan to release the results of second study focused on cloud computing providers located in the United States and Europe.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility