IT Security Professionals Prefer FISMA- or PCI-Compliant Cloud Vendors

A recent survey also finds that just 32 percent of companies believe the cost savings gained from cloud computing outweigh security considerations.

A recent survey has found that 32 percent of companies believe the cost savings associated with cloud computing outweigh security considerations for their organization, up from 26 percent in 2010. In addition, 69 percent of respondents would be more likely to consider cloud vendors that are PCI- or FISMA (Federal Information Security Management Act)-compliant, compared with 63 percent in 2010.

Automated security and compliance auditing solutions specialist nCircle announced the results of the company's 2011 Information Cloud Computing Study. The results are based on a survey of 551 respondents in the IT security industry, including senior management, IT operations, security professionals, and risk and audit managers. The survey was conducted between March 17 and March 25, 2011, and covered a range of security topics.

Of those surveyed, 69 percent of companies are considering cloud computing, up from 66 percent in 2010. "These results are a clear indication that there is demand for specific and tangible assurance of security and compliance measures from cloud vendors," said Tim Keanini, CTO for nCircle. "IT security professionals are informed buyers. They know that cloud vendors currently produce very little evidence of their internal security and compliance processes and do not allow their customers to conduct their own security and compliance audits."

Industries included in the study were technology, federal government, financial services, health care and education, among others. Over 40 percent of those surveyed have a security role in their organizations, while IT operations make up almost a quarter of the total respondents. Over half of the 551 respondents stated that their organizations staff more than 2,000 employees. Of those surveyed, 96 percent are located in the United States, while 1.5 percent are located in Ecuador and less than 1 percent each are in Belgium, India and Northern Mariana Islands.

A similar survey from nCircle identified the top three security concerns for 2011, which include meeting security compliance requirements, cloud computing and advanced persistent threat. Nearly half (48 percent) of respondents said that the economic downturn has impacted security initiatives in their organization, an 11 percent increase from 2010.

In 2010, only 6 percent of respondents saw the economic downturn as a key factor in the increase of external threats; in 2011 the number of respondents citing the same concern increased 9 percent. In addition, 18 percent of respondents said that the economic downturn slowed the progress of compliance initiatives, a 30 percent increase from 2010. The survey also found 44 percent of companies don't believe their companies effectively measure and report on security risk reduction and compliance, a 7 percent increase from 2010, and 30 percent of companies don't adequately enforce their own security policies.

Reducing network and information security risks and demonstrating continuous compliance continue to be key enterprise security priorities. Concern about smartphone security doubled from 4 percent in 2010 to 8 percent in 2011; however, meeting security compliance requirements and Web application vulnerabilities continue to be the key issues for enterprise security teams, according to survey results.