Cloud security still a struggle for many companies, survey finds
Despite the value many companies see in cloud computing, a lot of you are still afraid of the security implications, according to this year's Global Information Security Survey.
By Bill Brenner , Senior Editor
September 30, 2010 — CSO —
You want to embrace cloud computing because it makes your IT operations leaner and less expensive. But your understanding of cloud security hasn't advanced much in the last year, so you have to be cautious.
That's one of the takeaways from the Eighth Annual Global Information Security Survey CSO conducted along with sister publication CIO and PriceWaterhouseCoopers. Some 12,847 business and technology executives from around the world took the survey, and many admitted they're still a bit scared with the idea of putting critical data in the cloud.
Also see part 1 of this series: Business partners a growing security concern
Sixty-two percent of you have little to no confidence in your ability to secure any assets that you put in the cloud. Even among the 49 percent of respondents who have ventured into cloud computing, more than a third (39 percent) have major qualms about security.
Asked what they think is the greatest risk to their cloud computing strategy, respondents said they were uncertain about their ability to enforce security policies at a provider site, and were concerned about inadequate training and IT auditing. James Pu, information security officer for the Los Angeles County Employees Retirement Association (Lacera), is among the skeptics. He says he loves the flexibility and agility cloud computing could provide, but he's just not convinced that today's cloud technology is ready for prime time.
"As good as it is today, you don't have the same reliability as you have with a local-area network," says Pu, who does double duty as Lacera's CIO. "I also worry about the third parties involved." Cloud vendors, he notes, use third parties to host data centers and hardware. And those hosts may hire people without doing necessary background screening. "When data goes into the cloud," Pu says, "all it takes is a software bug to accidentally reveal my data."
Before cloud computing can become universally accepted as a secure option, a few things have to happen, says Ken Pfeil, CSO for a large mutual fund company in the Boston area and formerly CSO for financial companies Capital IQ and Miradiant.
First, he says, security experts must come up with more specific guidelines for which kinds of data it is acceptable to store in the cloud, be it customer information or intellectual property. He also wants clarification from regulatory agencies such as the Securities and Exchange Commission as to how financial reporting controls should work in the cloud.
Understanding critical issues in securing cloud computing—public, private, hybrid, SaaS and all other flavors
Hybrid cloud security real-world tales
Most organizations will use a mixed IT environment that includes public and private clouds as well as non-cloud systems
SaaS, IaaS and Paas: A security checklist for cloud models
API keys, connecting to the cloud, and other important issues to consider
5 cloud security predictions
Smart-phone slinging, identity management, multitenancy, and more
5 key cloud security issues
Cloud security: The basics
Cloud security all about the contract
Cloud security survival guide
The real problems with cloud computing
- B2B Integration on Cloud: Real World Solutions and Technology Advances
- Cloud Collaboration Knowledge Vault
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Mandiant's APT1: Revisited
The Mandiant APT1 report made our industry stronger by encouraging -- if not forcing -- information sharing. By Nick Selby - Attacks from China: A survival guide
- #FFSec: Infosec pros who bring value to Twitter
More Salted Hash with Bill Brenner
