Simply Security - News, Views, and Opinions from Trend Micro

Posted on November 3rd, 2011 in Current News, Research by Simply Security | 2 Comments | Tags: Compliance & Regulations

Organizational disagreements may be compromising cloud security for a number of companies.

A new research report from the Ponemon Institute has exposed a growing rift between IT security professionals and compliance officers managing cloud environments.

The Ponemon survey polled the opinions of 1,000 IT security practitioners and enterprise compliance officers to gather insight on potential cloud security challenges. The findings seem to suggest that both organizational and technological shortcomings are contributing to heightened data security risks.

According to the study, less than half of all respondents believed their companies had the requisite technology in place to effectively secure cloud environments. However, there were clear differences between the two groups when it came to gauging potential threats and responding with possible solutions.

Only one in three IT security professionals expressed belief that Infrastructure-as-a-Service paradigms were as secure as in-house data centers. Conversely, half of the responding compliance officers trusted the security of cloud platforms.

In response, there was a serious diffusion of responsibility across departments. One in five compliance officers felt that cloud security responsibilities were under their jurisdiction while the same margin of IT security administrators felt that power resided with individual department heads.

"While we were surprised by the different attitudes towards cloud security among IT practitioners and compliance officers, the findings did reveal that security in the cloud is a concern for both groups, especially in IaaS environments," said Ponemon Institute chairman and founder Larry Ponemon. "What is most troubling is the fact that while respondents feel they lack adequate technologies to secure their IaaS environments, ownership for security in the cloud is dispersed throughout the organization."

Whichever department ultimately assumes responsibility for cloud security issues, companies need to act fast to evolve their defense strategies.

According to the survey, less than one third of responding organizations bother encrypting data and files stored and accessed in the cloud. Also, more than half of respondents revealed that their organization's data audit review process has not be amended to address cloud security issues.

In addition to implementing these pillars of data security, Network World contributor Christine Burns recently highlighted new competencies enterprises will need to establish for cloud-specific security.

To begin, Burns suggests identifying and securing all endpoints. Most notably, this will mean a comprehensive mobile device management solution in many cases. Also, companies are encouraged to use their cloud providers as allies and advocate for the inclusion of security features in service level agreements.

Cloud Security News from SimplySecurity.com by Trend Micro