Cloud Security Improving, but Still an Issue for Businesses: Ponemon
The report indicated there are conflicting views on who is most responsible for cloud security.While businesses have improved their practices around cloud computing security, there are continued concerns about organizations’ use of security best practices and their awareness of the cloud services used within their organizations, according to the "Security of Cloud Computing Users 2013" study commissioned by CA Technologies and research firm Ponemon Institute. When compared to a previous study from 2010, the latest study, based on survey of 748 IT and IT security practitioners in the United States, indicated progress. However, the report pointed to conflicting views on who is most responsible for cloud security, with a bias toward end users and IT security “getting a pass.” The study also cited conflicting views in the case of best practices, such as vetting services for security risk, engaging the security team in determining cloud service use and assessing how a cloud service could affect data security. The report indicated that while some organizations expect their cloud service providers to ensure the security of software as a service (SaaS) and infrastructure as a service (IaaS) applications (36 percent and 22 percent), a significant amount of the responsibility is assigned to companies’ end users (31 percent for SaaS and 21 percent for IaaS), and very little responsibility was assigned to IT security (8 percent for SaaS and 10 percent for IaaS).
"The survey shows a concerning lack of agreement remains regarding who has responsibility for cloud security," the report noted. "This relinquishment of responsibility points to a lack of clarity around ownership, which may lead to gaps in security processes and governance."