Who Is Responsible for Security in the Cloud?


What do IT professionals believe to be the hardest part of dealing with security in the cloud? Source: Ponemon Institute

The cloud has achieved mainstream status, and most companies have at least some cloud footprint by this point. As with all things technology, the question of security only seems to come up after the fact. So, now that companies are working with cloud service providers, there is a potential conflict over who should be accountable for making sure the cloud is secure.

Armor—formerly FireHost—sponsored a Ponemon Institute study called Cloud Security: Getting It Right to explore this issue and learn more about the state of cloud security. The report is the result of surveying 990 IT professional managers and executive leaders from organizations that process business-critical data in the cloud or store sensitive business data in a cloud environment.

When an organization purchases cloud services or infrastructure from a third-party provider, who is responsible for security? Should the cloud service provider ensure the environment and applications are secure, or is the business itself still responsible for its own security even in the cloud? Or is it somewhere in the middle—and if so, how do you draw the line between which entity is responsible for which elements of security?

Cloud Security: Getting It Right uncovered some concerns when it comes to this quandary. More than 60 percent of respondents indicated that security is rarely or never a consideration when evaluating cloud services. Only 15 percent believe that the onus for securing SaaS (software-as-a-service) applications falls on the company’s own IT security team.

Some of the key findings from the study are:

  • Fifty-six percent of respondents say the ability to save money is by far the primary reason to use cloud resources
  • Only 33 percent of respondents say they have confidence they are meeting security objectives in the cloud
  • Seventy-nine percent of respondents say security is important always or most of the time; 74 percent say compliance is considered important always or most of the time

“It is alarming to me that 56 percent of respondents say they are unwilling to pay a premium to ensure the security of sensitive data in the cloud,” declared Jeff Schilling, CSO of Armor. “I believe there is a missed opportunity to get the initiative back from the cyber threat who has owned the good guys for more than 10 years. Virtualization and cloud architecture gives the good guys the opportunity to censor and build a secure environment that puts the threat at a disadvantage. However, the data shows most don’t want to invest in a secure solution and are doomed to repeat the mistakes we made in the network-centric build-out of the Internet.”

CSO Online: http://bit.ly/1MQ6uel
