Cloud Security the Client's Responsiblity, Service Providers Say
The biggest complaint in the wake of recent data breaches, whether it’s Sony or Epsilon, has centered on the lack of security controls in place to protect customer data. A recent Ponemon Institute report found that cloud providers don’t think that’s their job.
A shocking 73 percent of U.S. service providers and 75 percent of their European counterparts said their cloud services did not substantially protect and secure their customers’ confidential or sensitive information, according to the recent Security of Cloud Computing Providers report from the Ponemon Institute. Nearly 62 percent of U.S. providers and 63 percent of European providers were not confident that their cloud applications and resources were secure.
Approximately 69 percent of cloud providers in the survey didn’t believe securing the data was their responsibility. Just 16 percent of cloud providers felt security should be a shared responsibility. Vendors told the Ponemon Institute researchers they didn’t always evaluate their systems and applications prior to deploying them to the customer.
The findings surprised the researchers, according to Larry Ponemon, the institute’s founder.
The Ponemon Institute did a similar study in 2010 on cloud users where 35 percent of cloud users thought securing their data on the cloud was their responsibility and 33 percent thought it was a shared responsibility.
"Neither the company that provides the services nor the company that uses cloud computing seem willing to assume responsibility for security in the cloud," the researchers concluded in the report.
A majority of the surveyed vendors don’t even have dedicated security personnel to oversee the security of their applications, infrastructure or platform, the report found. On average, providers allocated 10 percent or less of their resources to address security.
The findings weren’t entirely grim. Over 81 percent of cloud providers said they had access to "highly-qualified IT security personnel" and 80 percent had confidence in their ability to "prevent or curtail viruses and malware infection." Another 71 percent said they could "secure sensitive or confidential information in motion" and "achieve compliance with leading self-regulatory frameworks."
For more, read the eWEEK article: Cloud Service Providers Say Data Security 'Not My Job': Study.