Cloud computing providers: Clueless about security?

A survey of 127 of cloud computing providers suggests many regard security as being mainly their customer's problem, and indeed, see their own proficiencies in low cost and speed of deployment services.

More on cloud security: Cloud security still a struggle for many companies, survey finds

Those are among the findings from Ponemon Institute's "Security of Cloud Computing Providers Study," which quizzed 103 cloud service providers in the U.S. and 24 in Europe on their views and practices in securing the data entrusted to them by customers. In the survey 65 per cent of the respondents were "public" cloud providers, the remainder "private" cloud or "hybrid" mix. The most frequently offered service was software-as-a service, followed by infrastructure-as-a-service and platform-as-a-service.

The candid responses from managers, director and technical staff for the cloud providers indicates  well over half "do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure confidential or sensitive information," the Ponemon survey notes.

"Buyer beware – on average, providers of cloud computing technologies allocate 10 per cent or less of their operational resources to security and most do not have confidence that customers’ security requirements are being met," states the survey report, "The majority of cloud providers in our study admit they do not have dedicated security personnel to oversee the security of cloud applications, infrastructure or platforms."

Private-cloud providers, however, "appear to attach more importance and have a higher level of confidence in their organization's ability to meet security objectives than providers of public and hybrid cloud solutions."

In general, cloud providers overwhelmingly believe customers seek them out mainly to reduce costs and get "faster deployment time." Over 60 per cent of the cloud providers surveyed expressed lack of confidence in the security of the cloud resources they provided. In fact, 91 per cent said they don't provide security-as-a-service from the cloud today, but about one third are considering doing that in the next two years.

Matthew Gardiner, director of security at CA Technologies, says the cloud providers "are reacting to the market they're living in now" and they "shouldn’t be beaten over the head" for giving what they believe their customers want, like fast deployment. But other evidence suggests customers have  higher expectations about the level of security they should be able to get in the cloud, he notes. The reality is that most customers today are reluctant to hand over more sensitive data to the cloud due to a huge disconnect about what they expect the cloud provider to be able to do and what it can or will.

Over 65 per cent of the cloud service providers responding to the survey said they see ensuring recovery from significant IT failures as something they have confidence they can do.

Cloud providers did express some confidence in some of their own skills. 81 per cent of cloud providers indicate they feel they do have access to "highly-qualified IT security personnel," and 80 per cent of them believe they can "prevent or curtail viruses and malware infection." 71 per cent said they can "secure sensitive or confidential information in motion" and "achieve compliance with leading self-regulatory frameworks."

The cloud providers surveyed had the least confidence in their ability to "identify and authenticate users before granting access," or "prevent or curtail external attacks," "encrypt sensitive or confidential information assets whenever feasible" or "determine the root cause of cyber attacks."

Read more about data center in Network World's Data Center section.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Configuration / maintenancesecurityhardware systemsPonemon InstituteData Centercloud computingcloud computing; cloud securityinternet

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?