RSS Alerts
65% of companies used word-of-mouth to evaluate cloud-based services, with only 23% asking for proof of security compliance

Share

More services

Related Links

Related Stories

  • McAfee unveils Cloud Secure program
    McAfee has taken the wraps off its Cloud Secure program, which seeks to allow the growing number of software-as-a-service (SaaS) providers with additional layers of security for their cloud deployments.
  • RSA: Securing cloud computing is industry responsibility says Art Coviello
    In his keynote at RSA 2010, San Francisco, RSA President Art Coviello spoke of the industry’s latest and greatest challenge: securing cloud computing.
  • Unisys adds more secure cloud options
    Unisys has announced a locally-hosted version of its secure cloud computing system, along with updates to its existing managed public cloud offering.
  • Forrester questions the security of cloud computing
    With the economic downturn, cloud computing is seen as a way to improve operational efficiency, reduce headcounts and help with the bottom line, but according to the report from Massachusetts-based Forrester Research on cloud computing, organisations should not jump on the ‘cloud wagon’ before considering security and privacy concerns.
  • Spotlight on Cloud Computing: Keeping Tabs on Your Data’s Address
    Location, location, location. It’s a slogan that has deep meaning for the real estate market, but it also maintains significant relevance to the regulatory and compliance risks associated with cloud computing in the era of globalization. Stephen Pritchard investigates

Top 5 Stories

News

Companies lag behind on cloud security

06 April 2010

Enterprise customers are lagging behind on cloud security, according to a study released by Symantec and the Ponemon Institute.

The survey, called "Information Governance in the Cloud: a Study of IT Practitioners" said that only 27% of responding organisations had procedures for approving cloud applications that use sensitive or confidential information. Lack of leadership, and limited resources for conducting evaluations factored into the low figure, according to the report.

One of the biggest problems for organizations is that the wrong people are evaluating cloud-based applications. End users and business managers were ultimately responsible for deciding which cloud applications to use in 68% of organizations, indicated the survey.

Only one in five organizations surveyed involve their information security teams in the decision making process, with one in four companies admitting that these teams never participated at all. However, almost 7 in every 10 organisations seemed unhappy with this situation, and wanted to see IT professionals more involved in deciding which cloud-based applications should be used.

Perhaps most worrying of all was the fact that only 30% of respondents evaluate cloud computing vendors at all, prior to deploying their products. 65% of companies used word-of-mouth to evaluate cloud-based services, with only 23% asking for proof of security compliance. Only 19% of the respondents indicated that their company provides general data security training that discusses cloud applications, the report added.

Symantec recommended that organizations create policies that directly address sensitive information stored in the cloud, outlining which information is appropriate for storage in this format. Companies should also create tools and procedures to classify this information, it advised.

This article is featured in:
Application Security • Cloud Computing • Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012