Who Is responsible For Security in the Cloud?

Uploaded on 2015-10-27 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

2014_10_Screen-Shot-2014-10-30-at-4.15.03-PM.png

What do IT professionals believe to be the hardest part of dealing with security in the cloud. Source: Ponemon Institute

The cloud has achieved mainstream status and most companies have at least some cloud footprint by this point. As with all things technology the question of security only seems to come up after the fact. So, now that companies are working with cloud service providers there is a potential conflict over who should be accountable for making sure the cloud is secure.

Armor—formerly FireHost—sponsored a Ponemon Institute study called Cloud Security: Getting It Right to explore this issue and learn more about the state of cloud security. The report is the result of surveying 990 IT professional managers and executive leaders from organizations that process business-critical data in the cloud or store sensitive business data in a cloud environment.

When an organization purchases cloud services or infrastructure from a third-party provider who is responsible for security? Should the cloud service provider ensure the environment and applications are secure, or is the business itself still responsible for its own security even in the cloud? Or is it somewhere in the middle—and if so, how do you draw the line to distinguish between which entity is responsible for which elements of security?

Cloud Security: Getting It Right uncovered some concerns when it comes to this quandary. More than 60 percent of respondents indicated that security is rarely or never a consideration when evaluating cloud services. Only 15 percent believe that the onus for securing SaaS (software-as-a-service) applications falls on the company’s own IT security team.

Some of the key findings from the study are:

  •  Fifty-six percent of respondents say the ability to save money is by far the primary reason to use cloud resources
  • Only 33 percent of respondents say they have confidence they are meeting security objectives in the cloud
  • Seventy-nine percent of respondents say security is important always or most of the time; 74 percent say compliance is considered important always or most of the time

 “It is alarming to me that 56 percent of respondents say they are unwilling to pay a premium to ensure the security of sensitive data in the cloud,” declared Jeff Schilling, CSO of Armor. “I believe there is a missed opportunity to get the initiative back from the cyber threat who has owned the good guys for more than 10 years. Virtualization and cloud architecture gives the good guys the opportunity to censor and build a secure environment that puts the threat at a disadvantage. However, the data shows most don’t want to invest in a secure solution and are doomed to repeat the mistakes we made in the network-centric build-out of the Internet.”

CSO Online: http://bit.ly/1MQ6uel

« IBM Gives China Access to Software Code
UK Cybercrime & Online Fraud on the Rise »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

Data Shepherd

Data Shepherd

Data Shepherds primary focus is to protect your business. We achieve this by offering extensive and unique expertise in innovative IT and Cyber security solutions.

CSI

CSI

CSI is a Managed Service Provider (MSP) delivering Hybrid Multi-Cloud, Data Protection, and Cyber Security solutions to highly regulated industries.

Appvisory

Appvisory

Appvisory by MediaTest Digital is the leading Mobile Application Management-Software in Europe and enables enterprises to work secure on smartphones and tablets.

Tehtris

Tehtris

TEHTRIS XDR Platform was developed to control and improve the IT security of private and public companies against advanced cyber threats such as cyber espionage or cyber sabotage activities.

C2SEC

C2SEC

C2Sec provides an innovative analytics platform that assesses and quantifies cyber risks in financial terms based on combining patented big data, AI, and cybersecurity technologies.

BitNinja

BitNinja

BitNinja provides full-stack server security in one easy-to-use protection suite. Enjoy real-time protection, automatic false positive handling and threat analysis for more in-depth insights.

drie

drie

drie is an end-to-end cloud services company based in Bahrain, Dubai and London. We enable businesses to adopt, scale on and build for cloud.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

Glocomp Systems

Glocomp Systems

Glocomp Systems is one of Malaysia’s premier ICT infrastructure distributor offering a comprehensive portfolio of solutions including cybersecurity and privacy.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.