Less Than Half Of Cloud Services Vetted For Security, According To Study

CA Inc. and the Ponemon Institute, an independent research firm specializing in privacy, data protection and information security policy, recently announced a study analyzing significant cloud security concerns that persist among IT professionals when it comes to cloud services used within their organization.

The study, entitled "Security of Cloud Computing Users," reveals that more than half of U.S. organizations are adopting cloud services, but only 47 percent of respondents believe that cloud services are evaluated for security prior to deployment. Of equal concern, more than 50 percent of respondents in the U.S. say their organization is unaware of all the cloud services deployed in their enterprise today.

"Organizations put themselves at risk if they fail to evaluate cloud services for security and don't have a view of what cloud services are in use throughout the business," said Dave Hansen, corporate senior vice president and general manager for CA's Security business unit. "All parties -- IT, the end user, and management -- should be involved in the decision making process, and need to build guidance around cloud computing adoption to help their organizations more securely deploy cloud services."

Findings also showed that there was a substantial concern across industries in maintaining security for mission critical data sets and business processes in the cloud. The surveyed IT practitioners noted that a variety of data sets were still too risky to store in the cloud:

  • 68 percent thought that cloud computing was too risky to store financial information and intellectual property.
  • 55 percent did not want to store health records in the cloud.
  • 43 percent were not in favor of storing credit card information in the cloud.

Additional key findings from the study included:

  • Less than 30 percent of respondents were confident they could control privileged user access to sensitive data in the cloud.
  • Only 14 percent of respondents believe cloud computing would actually improve their organization's security posture.
  • Just 38 percent of respondents agreed that their organization had identified information deemed too sensitive to be stored in the cloud.

The research suggests that IT personnel should take a full inventory of their organization's cloud computing resources, closely evaluate cloud providers, and assess the steps taken to mitigate risks. Going forward, IT should institute policies around what data is appropriate for cloud use and should evaluate deployments before they are made.

"These results further underscore the importance of an actively engaged IT department with the resources and authority to vet cloud services and vendors prior to deployment," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "Cloud computing applications hold a great deal of promise for organizations, but regarding their adoption as a fait accompli and expecting IT to accommodate their use is an approach fraught with risk, and the implications for information security and data privacy are potentially dire."

Featured

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.