The State of Cloud Computing Security

Security | Feature | Mike Vizard, Friday, May 21, 2010
cloud computing

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14
Previous Next

Click through to see key finding from a survey from the Ponemon Institute, sponsored by CA Technologies.

One of the most heated debates in all of enterprise computing these days centers on the security of cloud computing. One IT camp argues that cloud computing is inherently more secure because of the ability to invest in all the policies and expertise required to make the overall IT environment secure.

The other camp argues just as vociferously that the centralization of IT into a few cloud computing platforms makes it easier for the bad guys to focus their efforts and that, once breached, hundreds of thousands of records will be as risk because of all the shared infrastructure inherent to the cloud computing model.

Into the midst of this debate comes a new study from the Ponemon Institute that was funded by CA Technologies. The study of 642 IT executives in the U.S and another 283 from Europe, the Middle East and Africa finds that about half of worldwide IT organizations said that no one in their organization evaluates cloud computing providers for security. Worse yet, half said they were pretty sure that no one in their organizations knew about every cloud computing service that end users in their company were storing data on.

Larry Ponemon, chairman of the Ponemon Institute, says the study clearly shows that at the moment the risk factors with cloud computing are high because not all cloud computing providers have the same level of security. In addition, there is no security rating system in place for cloud computing, so business users can’t even rely on third-party security validations.

Lina Liberti, vice president of marketing for security management at CA Technologies, said the real issue is the total lack of transparency between cloud computing providers and internal IT organizations. The end result is that IT organizations don’t want to take responsibility for things like external cloud computing providers that they can’t manage. Of course, business users have lots of good reasons for wanting to use cloud computing services, but with those decisions they also need to be fully cognizant of the associated risks that they are taking responsibility for.

Longer term, Ponemon notes, there is a potential for cloud computing to actually result in more secure enterprise computing environments because as both public and private cloud computing platforms evolve, IT organizations will get a second chance to rethink their entire approach to security, especially as awareness of cloud computing security issues heighten and the work being done by the Cloud Security Alliance continues to evolve.

In the meantime, Ponemon advises both IT organizations and the end users they serve to proceed with caution.

Comments (6) Bookmark and Share

Comments

Engaging article - actually
Sat, 2011-09-17 07:54 — Ste26 (not verified)
Engaging article - actually came to the site for something completely different, but glad I stumbled upon this. Any plans for future updates on the subject? Steven @ www.purelyhydroponic.com
The Price of Security
Sat, 2011-01-29 11:02 — Cluehunt (not verified)
But is it not fair to say no matter how much computer security one has, hackers are always one step a head. Also looking at it this way with out these so called hackers internet security would not need to be up dated so much. So it all comes down to business the more hackers the more business for security at a price.
CSO at Zynga Nils Puhlmann to speak at BTS 2010
Tue, 2010-10-12 00:40 — Swagat Barman (not verified)
CSO at Zynga & Co-founder of Cloud Security Alliance, Nils Puhlmann will provide an overview of where we are today and what areas of cloud security are actively being worked on in the industry at the third season of Business Technology Summit 2o1o in Bangalore. Further he will discuss about the specific risk and threat areas and how can they be mitigated? What other security efforts are underway in the industry to ensure that security is a key part of every cloud offering? For more information log on to btsummit.com
Cloud Security in Focus at Business Technology Summit
Mon, 2010-10-11 06:18 — Swagat Barman (not verified)
Nils Puhlmann will provide an overview of where we are today and what areas of cloud security are actively being worked on in the industry at the third season of Business Technology Summit 2o1o in Bangalore. Further he will discuss about the specific risk and threat areas and how can they be mitigated? What other security efforts are underway in the industry to ensure that security is a key part of every cloud offering? For more information log on to btsummit.com
2 Guidelines for Cloud Security
Wed, 2010-05-26 14:43 — CloudNinja (not verified)
IMHO, when considering security, 2 items need to be addressed: 1) Physical security of the hardware 2) Security of the Data - here are some resources I've found that discuss this and act as guidelines when considering security and the cloud: Physical security: http://www.globalfoundati... http://www.globalfoundati... Data Security: http://www.research.micro... http://www.research.micro... thoughts? hope that helps -cn
Going to the Cloud -Choose Solutions Partners Carefully & Wisely
Sat, 2010-05-22 14:23 — Janice Taylor-Gaines (not verified)
Great article highlighting the need for everyone to have a much higher computer/data security awareness. I am wary about cloud computing, but not against it. Just recognize that whenever data or process go outside your four walls, you lose control of security: And you'd better be very, very sure someone is picking it up. Check a book we use at work, "I.T. WARS" (you can Google to it, a good part of it is available online at Google Books; Amazon too). It has a great Security chapter, and others that treat security, content management, policy, etc. Highly recommended. Great stuff.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <b> <i>

More information about formatting options