Access and Feeds

Secure Cloud Computing: Disparity in Level of Comfort Between IT and Compliance Officers

By Dick Weisinger

When it comes to opinions about Cloud technology, IT staff and Compliance officers are on different wavelengths.  A recent study conducted on the Cloud by the Ponemon Institute and sponsored by encryption-provider Vormetric found a “gulf” between the opinions of the two groups.  Wide differences of opinion were noted between the two groups on questions of  security, roles and responsibilities and service provider controls.

52 percent of Compliance officers said that their organizations had sufficient policies and procedures in place to enable IaaS (infrastructure-as-a-service) security, but only 34 percent of IT staff members agreed with this.

49 percent of Compliance officers said IaaS providers were as secure as the organization’s internal, on-premise data centers, but only 33 percent of the IT staff members agreed.

21 percent of Compliance officers say they are responsible for defining security requirements, but nearly an equal number, 22 percent, of the IT staff members thought that the responsibility belonged to business unit leaders.

Prior to the survey, the expectation had been that Compliance officers would tend to be more critical and skeptical of storing data remotely in the cloud than IT.  Ponemon said that because “it’s really hard to manage compliance, especially for privacy and data protection in the cloud environment, we assumed they’d [complinace officers] be more skeptical about security in the cloud. What we found is pretty much the opposite.”

The two groups did agree though that cloud security is a top concern for their organizations.  59 percent of IT staff members and 56 percent of Compliance officials agreed that Cloud security is very high, or high, priority for their organizations.

Larry Ponemon commented on the findings saying that “what is most troubling is the fact that while respondents feel they lack adequate technologies to secure their IaaS environments, ownership for security in the cloud is dispersed throughout the organization.”

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published. Required fields are marked *


eighteen − 9 =