Security - CIOInsight

Home

Security

Cloud Security Survey Reveals Gap Between IT, Compliance Officers

Security Slideshow:
Cloud Security Survey Reveals Gap Between IT, Compliance Officers

By Bob Violino on 2011-11-23

A study by the Ponemon Institute, sponsored by security technology vendor Vormetric Inc., shows that less than half of the 1,018 U.S.-based IT security practitioners and compliance officers surveyed think their organizations have adequate technology in place to secure their cloud computing infrastructures. The two groups of executives—IT security and compliance—disagree sharply on whether the cloud is as secure as on-premise data centers. They also have differing opinions on who is responsible for cloud data security and what security measures companies should use. Ponemon Institute’s report, “Data Security in the Cloud Survey of U.S. IT Operations, IT Security and Compliance Practitioners,” surveyed the executives online over a three-week period ending in October 2011. “While we were surprised by the different attitudes towards cloud security among IT practitioners and compliance officers, the findings did reveal that security in the cloud is a concern for both groups, especially in IaaS environments,” says Larry Ponemon, chairman and founder of the Ponemon Institute. What is most troubling, Ponemon says, is that while respondents feel they lack adequate technologies to secure their cloud environments, ownership of security in the cloud is dispersed throughout the organization.

	LATEST STORIES
	- IT Careers: Departures Mark Exec Shuffles at... - Microsoft Office on iPads, Android Tablets C... - Quest Software Acquisition Would Bolster Del... - N.J. Mayor, Son Arrested for Computer Hackin... - Why HP's Next Leader Should Come from Within...

BLOGS

Tim Moran: CIOs Go To Market

Tony Kontzer: Fed CIO Aims to Root Out IT Waste

Tony Kontzer: Imagine There are No CIOs

Tony Kontzer: Will the Cloud Solve Federal IT Security?

Tony Kontzer: Privacy, Security and the CIO

John Parkinson: When Good DR Goes Bad

Tony Kontzer: What's So Special About iCloud?

Tony Kontzer: Farewell Kundra, We Hardly Knew Ya

More blogs >>

1.Different opinions

Only one third of IT security executives polled think cloud infrastructure environments such as Infrastructure-as-a-Service (IaaS) are as secure as on-premise data centers, while about half (49%) of the compliance officers polled think IaaS is just as secure.

Cloud Security Survey Reveals Gap Between IT, Compliance Officers - Security

2.More different opinions

52% of compliance executives surveyed think their organizations have sufficient policies and procedures to enable safe and secure use of cloud infrastructure. Only 34% of IT security executives surveyed think that’s that case.

3.Responsibilities

21% of compliance officers polled say they are responsible for defining security requirements in the cloud, while 22% of IT security respondents think business unit leaders are responsible for defining security requirements in the cloud.

4.Lacking technologies

Only one third of IT security practitioners polled (35%) polled think their organizations have adequate technologies to secure their IaaS environments; 43% of compliance officers polled agree.

5.Auditing

59% of IT security executives surveyed and 55% of compliance officers surveyed say their organization’s internal audit review does not provide feedback on security in the cloud infrastructure environment.

6.88%

88% of IT security executives surveyed say their organization has firewalls in place to protect sensitive or confidential information placed into cloud environments, while 85% have antivirus/antimalware software in place and 50% have identity and access management.

7.Encryption shortfall

Only 31% of the all respondents say their organization’s major cloud providers use encryption to protect data from insider threats.

8.Data in the cloud

If the data were encrypted, 69% of all the respondents say they would place non-regulated customer data such as purchase history, email address lists and shipping information in the cloud environment. If data were not encrypted, more than half 52% say they would still place this data in the cloud.

9.Increasing budgets

On average, about 20% of the IT budget in organizations participating in the study is allocated to cloud services. This is expected to increase to about 31% over the next 12 to 24 months.

10.56%

More than half (56%) of IT practitioners say that security concerns will not keep their organizations from adopting cloud services.

Recent Slideshows

FEATURED SPONSORED VIDEOS

Security and Availability Essentials for Running Your Business in the Cloud

Cyber Security Trends and Challenges for 2012

IPv6 Integration and Migration

View More Videos

Brought to You By

FEATURED SPONSORED ARTICLES

Erasable E-Paper Saves Trees, Cuts Costs

Why Smart Companies Should Adopt the Lessons of Gaming

Interest in Mobile WiFi Hotspots Fuels New Solutions

A Closer Look at Public Cloud Security

View More Articles

Brought to You By


		Try Windows Azure free for 90 days Introducing the world's first family of systems with integrated expertise FREE Securing Smartphones & Tablets for Dummies Book from Sophos 77% of the Fortune 500 Manage Content Securely with Box. Leverage your virtual computing environment with Dell. Build an IT Infrastructure That Delivers the Future 5 New Technologies That Will Change Enterprise IT

CIO Insight:	Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
Quick Links:	Enterprise Mobility Zone \| Management Case Studies \| Loyalty Programs \| Term Sheet \| Strategy Maps \| Organizational Behavior \| Net Present Value Calculator \| Link to Us
	Security: Network Security Entprise Networking Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Green Computing Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos Magazine Subscriptions Enterprise Websites: ZDE Home eWeek Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices TechDirect iGrep Search Engine PDF Zone Linux Watch
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 10.

Security Slideshow:Cloud Security Survey Reveals Gap Between IT, Compliance Officers