Clouds of anxiety: Companies worry about security of cloud computing
While organizations continue to embrace cloud-computing platforms, surveys find organizations are concerned about security and their very ability to manage it in the cloud.
November 04, 2011 — CSO —
It's no secret that organizations are concerned about their ability to secure and to maintain an adequate regulatory compliance posture in their cloud deployments.
However, just as concerns around credit card security didn't seem to noticeably stall the adoption of e-commerce on the Web, security hasn't stopped or noticeably even slowed cloud adoption. A recent Forrester ForrSight survey shows that 67 percent of large enterprises are using cloud computing Infrastructure-as-a-Service (IaaS) platforms to support production applications. That's greater than the 61 percent saying they use IaaS for testing and development.
Such evidence is mounting that enterprises are no longer using cloud primarily for testing, training, and demonstrations but in crucial production systems. That's why it was interesting to read the recent survey results from the Ponemon Institute research firm that found organizations not only don't have a handle on important aspects of cloud security -- they are also well aware of this.
More than half of respondents to the survey, 52 percent, rated their organization's overall management of cloud server security as fair (27 percent) and poor (25 percent). Another 21 percent didn't have any comment on their ability to secure their cloud servers. Another 42 percent expressed concern that they wouldn't know if their organizations' applications or data was compromised by an open port on a server in a cloud.
The study, "Cloud Security: Managing Firewall Risks" and sponsored by cloud security firm Dome9 Security, was based on the responses of 682 IT and IT security practitioners in the United States, whose organizations rely on hosted or cloud servers.
When asked why organizations are continuing to move to cloud while admittedly not having a strong grasp on their ability to secure their systems, it comes down to habit, says Dave Meizlik, Dome9 VP of marketing and business development. "Many people aren't used to having to directly secure their servers. They have segmented networks and perimeter firewalls that take care of that for them," says Meizlik. "People follow the processes that they know and are used to."
According to the study, sixty-one percent of respondents say their organization does not have a cloud server firewall management product. Of those who do not, 62 percent say it is because they are not scalable, cost too much (59 percent) and are not available (57 percent).
This study mirrored another recent Ponemon security study, sponsored by encryption and key management firm Vormetric Inc., which found that of the 1,000 IT security and compliance officers' questions, less than half believe their organizations have the technologies necessary to secure their cloud deployments.George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter @georgevhulme.
Read more about cloud security in CSOonline's Cloud Security section.
Other stories by George V. Hulme