August 16, 2012
At the same time, 25% of these respondents allow or will allow sensitive data to be stored in the cloud, and another 31% are considering it.
InformationWeek Reports (reports.informationweek.com), a service provider for peer-based IT research and analysis, announced the release of its latest research report. Cloud Security: Verify, Don’t Trust analyzes results from InformationWeek’s 2012 Cloud Security and Risk survey. More than 360 business technology professionals responded to this poll.
InformationWeek asked respondents to share their attitudes about cloud security and their approaches to assessing provider security controls, including the use of technical audits, vulnerability assessments and penetration tests. Survey participants were also asked about IT’s use of auditing reports and documentation such as the SSAE 16 and the Cloud Security Alliance’s CAIQ.
- 55% of respondents that use or plan to use or are considering cloud services say unauthorized access to or leak of proprietary data is a top concern, trumping issues such as performance and vendor lock-in.
- 20% say cloud providers have superior security controls.
- 35% perform or plan to perform vulnerability assessments of cloud providers; another 5% do so or will do so even though their contract with the provider forbids it.
- 28% run or will run at least one mission-critical application in the cloud.
The report author, Michael Davis, is CEO of Savid Technologies, a security consulting firm.
For full access to the research data, members can download now:
“The safety of a company’s data is too important to just blindly trust that a cloud provider has the proper security controls and sound operational procedures,” says Andrew Conry-Murray, editor at large for InformationWeek Reports. “Cloud customers and potential customers have to be prepared to invest the time to perform repeatable and process-driven assessments of a provider’s security capabilities. Our report offers helpful guidance.”