News

Cloud provider security study reveals security gaps

Marcia Savage

Cloud service providers don’t view security as a priority, spending little on it and shifting the responsibility to their customers, according to a study on cloud provider security

    Requires Free Membership to View

released Thursday.

The study, conducted by independent research firm Ponemon Institute and sponsored by Islandia, N.Y.-based CA Technologies, surveyed 103 cloud service providers in the U.S. and 24 in Europe representing a mix of cloud service and deployment models. Seventy-nine percent said they allocate 10% or less of IT resources to security and control-related activity.

Less than 20% view security as a competitive advantage, and fewer than 30% consider security an important responsibility. In fact, 69% said they believe security is primarily the responsibility of the cloud user. Only 29% of public cloud providers are confident the applications and resources they provide are secure.

Instead of security, cloud providers are focused on meeting customer demand for reduced cost and speed of deployment, the study showed. Those surveyed ranked lower costs and faster deployment as the top reasons for their customers to migrate to a cloud computing environment.

Right now, organizations are focused on moving their least sensitive data and applications to the cloud for cost savings and rapid deployment, leading to cloud providers not making security a priority, Matthew Gardiner, director in the security business unit at CA, said in an interview.

“For the cloud to become a really dominate IT architecture, it needs to inherit more sensitive enterprise data and applications,” he said. “There’s the possibility if the market doesn’t mature fast enough on that front, you might run into stall.”

The study was the second part of a two-part series about the state of cloud security by the Ponemon Institute. The first one, released a year ago, surveyed 642 cloud service customers in the U.S. and 283 in Europe. The study showed that cloud users also aren’t willing to assume responsibility for security in the cloud: Only 35% said they believe they are the most responsible for ensuring the security of resources provided by a cloud provider.

The first study also showed that organizations are lagging when it comes to assessing cloud providers. Only 36% of U.S. respondents said their organization is vigilant in conducting audits or assessments of cloud providers before deployment.

A majority of the service providers surveyed (55%) said they offer SaaS; 34% offer IaaS and 11% provide PaaS. Sixty-five percent of the respondents deploy their services in a public cloud environment, while 18% deploy in the private cloud, and 18% are hybrid.

Most of the respondents (91%) don’t offer Security as a Service from the cloud, but about one-third are considering offering a security service in the next couple years.

 


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: