Who Is responsible For Security in the Cloud?

Uploaded on 2015-10-27 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

2014_10_Screen-Shot-2014-10-30-at-4.15.03-PM.png

What do IT professionals believe to be the hardest part of dealing with security in the cloud. Source: Ponemon Institute

The cloud has achieved mainstream status and most companies have at least some cloud footprint by this point. As with all things technology the question of security only seems to come up after the fact. So, now that companies are working with cloud service providers there is a potential conflict over who should be accountable for making sure the cloud is secure.

Armor—formerly FireHost—sponsored a Ponemon Institute study called Cloud Security: Getting It Right to explore this issue and learn more about the state of cloud security. The report is the result of surveying 990 IT professional managers and executive leaders from organizations that process business-critical data in the cloud or store sensitive business data in a cloud environment.

When an organization purchases cloud services or infrastructure from a third-party provider who is responsible for security? Should the cloud service provider ensure the environment and applications are secure, or is the business itself still responsible for its own security even in the cloud? Or is it somewhere in the middle—and if so, how do you draw the line to distinguish between which entity is responsible for which elements of security?

Cloud Security: Getting It Right uncovered some concerns when it comes to this quandary. More than 60 percent of respondents indicated that security is rarely or never a consideration when evaluating cloud services. Only 15 percent believe that the onus for securing SaaS (software-as-a-service) applications falls on the company’s own IT security team.

Some of the key findings from the study are:

  •  Fifty-six percent of respondents say the ability to save money is by far the primary reason to use cloud resources
  • Only 33 percent of respondents say they have confidence they are meeting security objectives in the cloud
  • Seventy-nine percent of respondents say security is important always or most of the time; 74 percent say compliance is considered important always or most of the time

 “It is alarming to me that 56 percent of respondents say they are unwilling to pay a premium to ensure the security of sensitive data in the cloud,” declared Jeff Schilling, CSO of Armor. “I believe there is a missed opportunity to get the initiative back from the cyber threat who has owned the good guys for more than 10 years. Virtualization and cloud architecture gives the good guys the opportunity to censor and build a secure environment that puts the threat at a disadvantage. However, the data shows most don’t want to invest in a secure solution and are doomed to repeat the mistakes we made in the network-centric build-out of the Internet.”

CSO Online: http://bit.ly/1MQ6uel

« IBM Gives China Access to Software Code
UK Cybercrime & Online Fraud on the Rise »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

Willis Towers Watson

Willis Towers Watson

Willis Towers Watson is a global risk management, insurance brokerage and advisory company. Services offered include Cyber Risks insurance.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

Ingalls Information Security

Ingalls Information Security

Ingalls Information Security provides network security, monitoring and forensics.

Innotec Security

Innotec Security

Innotec Security is a Spanish company specializing in cybersecurity-as-a-service, cyber resilience and cyber risk management.

Malomatia

Malomatia

Malomatia is a leading provider of technology services and solutions in Qatar including information security.

Comarch

Comarch

Comarch is a provider of IT business solutions to optimize operational and business processes. Cyber security solutions are focused on Identity Management and Security Assessment services.

Extreme Engineering Solutions (X-ES)

Extreme Engineering Solutions (X-ES)

Extreme Engineering Solutions is a leader in the design, manufacture, testing, and support of hardware and software solutions for the embedded computing market.

Route1

Route1

Route1 is an advanced provider of secure data intelligence solutions to drive your business forward.

Bosch Global Software Technologies (BGSW)

Bosch Global Software Technologies (BGSW)

Bosch Global Software Technologies offer an advanced innovation for AI security. The Bosch AIShield is the definite answer to safeguard your business against model extraction attacks.

Cybertech Nepal

Cybertech Nepal

Cybertech Nepal is committed to provide high-quality cyber security solutions, including server assessment and hardening, forensics and malware analysis, end-point threat analysis, and VAPT.

ZAG Technical Services

ZAG Technical Services

ZAG Technical Services is an award-winning information technology consulting firm delivering digital transformation solutions, IT assessments, managed services, security, and support.

Spirit Technology Solutions

Spirit Technology Solutions

Spirit Technology Solutions is a modern workplace services provider committed to delivering solutions that embody our core principles of security, sustainability, and scalability.

SentryMark

SentryMark

Stay a Step Ahead of Emerging Threats. Deviate from the traditional siloed defenses and get the proactive and responsive cybersecurity solutions and services you deserve with SentryMark today.

Fernao Group

Fernao Group

Fernao offer you all solutions from a single source - from cyber security, business resilience and digital infrastructure to cloud technologies and pentesting.

Infrassist Technologies

Infrassist Technologies

We're Infrassist - a trusted white label Managed IT & Professional Services partner for MSP businesses.