CA has announced the results of an international IT security study which finds that European organizations are more confident than their US counterparts about their ability to secure cloud-based applications and data. Despite this, US organizations are more likely to deploy business-critical applications in the cloud than their European counterparts.
Fifty-seven percent of European respondents believe their organizations are vigilant in conducting audits or assessments of cloud computing resources before deployment, compared with only 36 percent of US organizations. The survey also reveals that 44 percent of European respondents and 55 percent of US ones are not confident that they know all the cloud computing applications, platforms, or infrastructure services in use today. CA says that this is compelling evidence that organizations are moving applications and data to the cloud without taking the necessary steps to ensure the information they put there is secure.
The survey, entitled ‘Security for Cloud Computing Users’ was conducted by the Ponemon Institute. A total of 925 interviews were conducted during March 2010.
US respondents state that 22 percent of business-critical applications use software-as-a-service (SaaS) resources, compared with 16 percent for European organizations. Fourteen percent of US business-critical applications reside in infrastructure-as-a-service (IaaS) models, against 11 percent for Europe. And 13 percent of US business-critical applications are based on platform-as-a-service (PaaS) models, compared with nine percent for European organizations.
It is also evident from the research that the ‘consumerization of IT’ causes security experts to be excluded from the cloud evaluation and vetting process and this in turn causes a lack of confidence among IT practitioners. Respondents believe end-users or business unit management (rather than IT security) are most responsible for ensuring a safe and secure cloud computing environment. Thus, for respondents in Europe, the functions believed to be most responsible for ensuring a safe and secure cloud computing environment are: end-users (62 percent), business unit management (58 percent), corporate IT (35 percent), and information security (31 percent). For the US, the most responsible functions include: end-users (75 percent), business unit management (69 percent), information security (29 percent), and corporate IT (23 percent).
Most IT practitioners (in Europe and the US) generally agree that end-users and business unit management need to take a proactive role in ensuring cloud computing security. By contrast, only 30 percent see their organization’s security function as having primary responsibility.
European and US respondents generally agree on the reasons why their organizations are deploying cloud computing resources. For respondents in Europe, the top four reasons are: 67 percent to reduce cost, 62 percent to increase efficiency, 58 percent to achieve faster deployment time, and 31 percent to increase flexibility and choice. The top four reasons for US respondents are: 78 percent to reduce cost, 56 percent to achieve faster deployment time, 50 percent to increased efficiency, and 45 percent to increase flexibility and choice. Interestingly, only 14 percent of both European and US respondents believe that cloud computing will improve security.
To download a copy of the survey report visit: http://ca.com/security/cloud-research