Cloud computing providers: Need a clue about security?Advertisement
A survey conducted by Ponemon Institute, involving 103 US cloud service providers and 24 European counterparts on how they regard and apply security measures for customers’ data entrusted to them suggests that many of them see security as mainly their customer’s problem and judge their proficiencies through low cost and service deployment speed.
cloud computing network, enterprise cloud storage, cloud computing infrastructure, cloud platform, enterprise cloud, cloud infrastructure as a service, cloud based platform, cloud computing seminar, cloud solutions for small business, private cloud, what is cloud server technology, cloud backup, cloud database
65% of the survey’s respondents are dubbed “public” cloud providers, the remaining are “private” or “hybrid” ones. Their 3 most offered services are SaaS, IaaS and PaaS. Over half of these providers do not count cloud computing security in their list of most important obligations, as well as do not believe their products or services is 100% capable of ensuring protection for all critical data.
“On average, providers of cloud computing technologies allocate 10% or less of their operational resources to security and most do not have confidence that customers’ security requirements are being met,” the survey noted. Most of them also admit to not have professional security personnel to monitor security of cloud applications and services, the survey added. Over 60% of the respondent do not express confidence in the security of their cloud resources. However, private-cloud providers seem to be more aware of the importance of security and are more confident in their ability to fulfill security obligations than their public and hybrid counterparts.
Generally, there’s a widely shared belief among cloud providers that customers need them just for cutting costs and getting “faster deployment time”. And that, according to Matthew Gardinal, director of security at CA Technologies, cloud providers “are reacting to the market they’re living in now” and should not be blamed for thinking that way. However, he noted, customers also expect high level of cloud security, and most of them are not willing to put more critical data in the hands of the cloud because of the gap between their expectation for cloud providers and what cloud providers are able to or will do.
Nevertheless, cloud providers do have some confidence in their own abilities. More than 65% of them are confident of being able to ensure recovery from serious IT failures. 81% feel they do have access to high-quality IT security personnel, and 80% ensure they can block viruses or malware. 71% express their confidence in securing critical information in real time and complying with self-regulatory frameworks. However, they also share an uncertainty in identifying and authenticating users before granting access, encrypting information assets, or finding the roots of cyberattacks and preventing them.