Who Is responsible For Security in the Cloud?

Uploaded on 2015-10-27 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

2014_10_Screen-Shot-2014-10-30-at-4.15.03-PM.png

What do IT professionals believe to be the hardest part of dealing with security in the cloud. Source: Ponemon Institute

The cloud has achieved mainstream status and most companies have at least some cloud footprint by this point. As with all things technology the question of security only seems to come up after the fact. So, now that companies are working with cloud service providers there is a potential conflict over who should be accountable for making sure the cloud is secure.

Armor—formerly FireHost—sponsored a Ponemon Institute study called Cloud Security: Getting It Right to explore this issue and learn more about the state of cloud security. The report is the result of surveying 990 IT professional managers and executive leaders from organizations that process business-critical data in the cloud or store sensitive business data in a cloud environment.

When an organization purchases cloud services or infrastructure from a third-party provider who is responsible for security? Should the cloud service provider ensure the environment and applications are secure, or is the business itself still responsible for its own security even in the cloud? Or is it somewhere in the middle—and if so, how do you draw the line to distinguish between which entity is responsible for which elements of security?

Cloud Security: Getting It Right uncovered some concerns when it comes to this quandary. More than 60 percent of respondents indicated that security is rarely or never a consideration when evaluating cloud services. Only 15 percent believe that the onus for securing SaaS (software-as-a-service) applications falls on the company’s own IT security team.

Some of the key findings from the study are:

  •  Fifty-six percent of respondents say the ability to save money is by far the primary reason to use cloud resources
  • Only 33 percent of respondents say they have confidence they are meeting security objectives in the cloud
  • Seventy-nine percent of respondents say security is important always or most of the time; 74 percent say compliance is considered important always or most of the time

 “It is alarming to me that 56 percent of respondents say they are unwilling to pay a premium to ensure the security of sensitive data in the cloud,” declared Jeff Schilling, CSO of Armor. “I believe there is a missed opportunity to get the initiative back from the cyber threat who has owned the good guys for more than 10 years. Virtualization and cloud architecture gives the good guys the opportunity to censor and build a secure environment that puts the threat at a disadvantage. However, the data shows most don’t want to invest in a secure solution and are doomed to repeat the mistakes we made in the network-centric build-out of the Internet.”

CSO Online: http://bit.ly/1MQ6uel

« IBM Gives China Access to Software Code
UK Cybercrime & Online Fraud on the Rise »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ComSec LLC

ComSec LLC

ComSec perform threat assessments to identify vulnerabilities and help protect businesses against corporate espionage via electronic eavesdropping.

Canadian Centre for Cyber Security (CCCS)

Canadian Centre for Cyber Security (CCCS)

The Cyber Centre is the single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure, the private sector and the public.

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality ISAC operates as a central hub for sharing sector-specific cyber security information and intelligence.

Nexus Group

Nexus Group

Nexus Group develops identity solutions for physical and digital access.

Quest Software

Quest Software

Simple IT management for a complex world. Whether it’s digital transformation, cloud expansion, security threats or something new, Quest helps you solve complex problems with simple solutions.

Invensity

Invensity

INVENSITY is an interdisciplinary technology and innovation consulting company. Centres of excellence include Cyber Security and Data Privacy.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

DNX Ventures

DNX Ventures

Based in Silicon Valley and Tokyo, DNX Ventures is an early stage VC for B2B startups in sectors including Cybersecurity.

Microminder Cyber Security

Microminder Cyber Security

Microminder Cyber Security are innovators, advisors, strategists committed to solving your cyber security challenges.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.

Tryaq

Tryaq

Tryaq are a group of cybersecurity experts and enthusiasts who share the mission to make the world feel safer online.

Prembly

Prembly

Prembly are a compliance and security infrastructure company.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.

Element

Element

Element is a new type of communications platform. It combines consumer messaging apps, collaboration tools and video conferencing to replace email, address shadow IT and improve security.