CA, Inc. and the Ponemon Institute have announced a study that goes on to analyse momentous cloud security concerns that tends to persist among IT professionals when it comes to cloud services used within their organisation. The study, entitled “Security of Cloud Computing Users,” reveals that more than half of U.S. organisations are adopting cloud services, but only 47 percent of respondents believe that cloud services are evaluated for security prior to deployment. Of equal concern, more than 50 percent of respondents in the U.S. say their organisation is unaware of all the cloud services deployed in their enterprise today.
“Organisations put themselves at risk if they fail to evaluate cloud services for security and don’t have a view of what cloud services are in use throughout the business,” alleged Dave Hansen, corporate senior vice president and general manager for CA’s Security business. Supplementing that – “All parties – IT, the end user, and management – should be involved in the decision making process and need to build guidance around cloud computing adoption to help their organisations more securely deploy cloud services.”
Findings also presented the fact that there is substantial concern in maintaining security with many industries’ mission critical data sets and business processes in the cloud. The surveyed IT practitioners note that a variety of data sets are still too risky to store in the cloud:
– 68 percent thought that cloud computing is too risky to store financial information and intellectual property;
– 55 percent do not want to store health records in the cloud; and
– 43 percent are not in favour of storing credit card information in the cloud.
Additional key findings from the study include:
– Less than 30 percent of respondents are confident they can control privileged user access to sensitive data in the cloud.
– Only 14 percent of respondents believe cloud computing will actually improve their organisation’s security posture.
– Just 38 percent of respondents agree that their organisation has identified information deemed too sensitive to be stored in the cloud.
The research from its barrio suggests that IT personnel should take a full inventory of their organisation’s cloud computing resources, closely evaluate cloud providers, and assess the steps taken to mitigate risks. Going forward, IT should institute policies around what data is appropriate for cloud use and should evaluate deployments before they are made.
“These results further underscore the importance of an actively engaged IT department with the resources and authority to vet cloud services and vendors prior to deployment,” held Dr. Larry Ponemon, chairman and founder, Ponemon Institute. Rhetoricising that – “Cloud computing applications hold a great deal of promise for organisations, but regarding their adoption as a fait accompli and expecting IT to accommodate their use is an approach fraught with risk, and the implications for information security and data privacy are potentially dire.”