Cost saving lures organizations to the cloud despite security worries

According to a survey of 551 respondents in the IT security industry, 32% of organizations believe that cost savings outweigh security concerns in using cloud computing, up from only 26% in the 2010 survey.

A full 69% of respondents are considering cloud computing, up from 63% in 2010.

In addition, 69% of respondents would be more likely to consider cloud vendors that comply with either Payment Card Industry (PCI) standards or Federal Information Security and Management Act (FISMA) rules, compared with 63% in 2010.

“As people are getting a better understanding of the savings and seeing more case studies, we are getting more people interested in the cloud. And they are bringing their high level of security concerns to the picture. As the interest in the cloud grows, we are going to see a demand for more and more attention to cloud security from the cloud providers”, commented Keren Cummins, director of federal markets for nCircle.

A portion of the respondents were from the US federal government. “An interesting question is whether the government allows the cloud providers to self-assert that they are secure, or whether there is going to be a more proactive and direct effort on the part of the government to assess the security of cloud providers”, Cummins noted.

She related that the Centers for Medicare and Medicaid Services (CMS) have moved from a FISMA-compliance-based security regime for their data centers toward a more proactive approach to security based on continuous monitoring. “Medicare now proactively and independently assesses the vulnerabilities and configurations of their contractors…. They actually issue letter grades to their data centers.” She expects the federal government to adopt a more proactive approach to cloud security based on the CMS model.

FISMA certification alone is no longer adequate to ensure the security of cloud providers to the federal government, Cummins noted. “Traditionally, FISMA certification has been a bar that you cleared on a periodic basis. Once you cleared that bar you were good to go for an extended period of time”, she said.

“The interpretation that [the Office of Management and Budget] and [the Department of Homeland Security] are bringing to FISMA compliance is starting to have a much stronger continuous monitoring flavor, which then makes it meaningful in the context of cloud security…. As FISMA evolves, this is going to be a powerful security tool for the government community”, she said.

In addition to the federal government, nCircle surveyed IT security personnel in the technology, financial services, and health care industries, as well as education. Over 40% of those surveyed have a security role in their organizations, while IT operations comprise almost a quarter of the total respondents.

Over half of the 551 respondents stated that their organizations employ more than 2,000 people. Of those surveyed, 96% are located in the United States, while 1.5% are located in Ecuador and less than 1% each are in Belgium, India and the Northern Mariana Islands.
