Less than half of cloud services are vetted for security
More than half of U.S. organizations are adopting cloud services, but only 47 percent of respondents believe that cloud services are evaluated for security prior to deployment, according to a survey by the Ponemon Institute and CA. The study reveals significant cloud security concerns that persist among IT professionals when it comes to cloud services used within their organization.
More than 50 percent of respondents in the U.S. say their organization is unaware of all the cloud services deployed in their enterprise today. Findings also showed that there was a substantial concern across industries in maintaining security for mission critical data sets and business processes in the cloud.
The surveyed IT practitioners noted that a variety of data sets were still too risky to store in the cloud:
- 68 percent thought that cloud computing was too risky to store financial information and intellectual property
- 55 percent did not want to store health records in the cloud; and
- 43 percent were not in favor of storing credit card information in the cloud.
Additional key findings from the study included:
- Less than 30 percent of respondents were confident they could control privileged user access to sensitive data in the cloud.
- Only 14 percent of respondents believe cloud computing would actually improve their organization’s security posture.
- Just 38 percent of respondents agreed that their organization had identified information deemed too sensitive to be stored in the cloud.
The research suggests that IT personnel should take a full inventory of their organization’s cloud computing resources, closely evaluate cloud providers, and assess the steps taken to mitigate risks. Going forward, IT should institute policies around what data is appropriate for cloud use and should evaluate deployments before they are made.