Public Cloud Customers Admit Security Challenges

Written by

Most global organizations aren’t fully confident in the effectiveness of their security controls in the public cloud, despite storing sensitive data there, according to a new Cloud Security Alliance (CSA) study.

Sponsored by Anjuna Security, the Sensitive Data in the Cloud report is compiled from interviews with 452 IT and security professionals, from various organization sizes and locations.

It revealed that over two-thirds (67%) of respondents now store sensitive data or workloads with public cloud service providers (CSPs).

However, while a majority claimed they find CSP security controls somewhat (51%) or highly effective (38%), the same is not true of their own tooling.

In fact, around a third (31%) said they are not confident or only slightly confident about their ability to protect sensitive data in the cloud, and a further 44% claimed they are only “moderately” confident.

This matters, because security is a shared responsibility in the cloud, meaning CSPs will only cover specific assets, processes and functions. In an IaaS or PaaS model, the customer is still responsible for securing any data, application logic and code, identity and access and other elements, according to the CSA.

Skills gaps and shortages are also contributing to the strain on in-house security efforts in the cloud. There's now a shortage of over 2.7 million workers globally, including 402,000 in North America, 199,000 in Europe and 33,000 in the UK.

“Increasingly, organizations are overcoming their initial apprehension around the cloud and its perceived security insufficiencies and are storing their sensitive data in public cloud environments,” explained CSA senior technical director for research, Hillary Baron.

“In general, organizations have reservations about their own ability to protect their sensitive data in the cloud. By shedding light on these issues, we can find ways to address and eventually close the gap between the perceived effectiveness of CSP security controls and organizations lacking confidence in their abilities to protect sensitive data in the cloud.”

What’s hot on Infosecurity Magazine?