Create Your Next Customer is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

40% Of Those With An Interest In Cloud Services Don’t Have A Process To Assess Provider Security According To New InformationWeek Reports Research

August 16, 2012

At the same time, 25% of these respondents allow or will allow sensitive data to be stored in the cloud, and another 31% are considering it.

InformationWeek Reports (, a service provider for peer-based IT research and analysis, announced the release of its latest research report. Cloud Security: Verify, Don’t Trust analyzes results from InformationWeek’s 2012 Cloud Security and Risk survey. More than 360 business technology professionals responded to this poll.

Research Summary:

InformationWeek asked respondents to share their attitudes about cloud security and their approaches to assessing provider security controls, including the use of technical audits, vulnerability assessments and penetration tests. Survey participants were also asked about IT’s use of auditing reports and documentation such as the SSAE 16 and the Cloud Security Alliance’s CAIQ.


  • 55% of respondents that use or plan to use or are considering cloud services say unauthorized access to or leak of proprietary data is a top concern, trumping issues such as performance and vendor lock-in.
  •  20% say cloud providers have superior security controls.
  •  35% perform or plan to perform vulnerability assessments of cloud providers; another 5% do so or will do so even though their contract with the provider forbids it.
  •  28% run or will run at least one mission-critical application in the cloud.

The report author, Michael Davis, is CEO of Savid Technologies, a security consulting firm.

For full access to the research data, members can download now: [download id=14949/]

“The safety of a company’s data is too important to just blindly trust that a cloud provider has the proper security controls and sound operational procedures,” says Andrew Conry-Murray, editor at large for InformationWeek Reports. “Cloud customers and potential customers have to be prepared to invest the time to perform repeatable and process-driven assessments of a provider’s security capabilities. Our report offers helpful guidance.”

Research, cloud security, IT Industry Research, News Releases