Who should look after cloud data – the CSP or the end user? Execs undecided
The debate over whether the end user or the cloud service provider (CSP) should be responsible for data security has been reopened after new research from Armor and Ponemon Institute proved inconclusive.
The survey, which quizzed 990 US and UK-based CIOs, CISOs and directors of IT operations, found almost a third (31%) expect their cloud provider to keep SaaS applications secure, while 20% believe the customers are more responsible and only 16% argue it is a shared responsibility.
While 15% of organisations polled believe the IT security team should be most accountable for securing SaaS applications, 60% admit IT security is rarely or never involved when it comes to evaluating cloud services.
Not surprisingly, 79% of respondents say security is important always or most of the time, while three quarters (74%) see similarly with regards to compliance. Yet only a third (33%) of respondents express confidence in meeting security objectives in the cloud.
So is this issue related to the lack of consensus over cloud security responsibility? Dr. Larry Ponemon, founder of Ponemon Institute, believes so. “The fact there’s so much confusion about how to properly secure and understand compliance mandates isn’t surprising considering most organisations today still aren’t sure who – internally – should be managing security for the cloud,” he said.
“It’s my hope that organisations will review this report and look in the mirror to see if they’re part of this group that is still allowing for so much confusion when it comes to secure cloud implementations,” he added.
The imbroglio between cloud providers and their customers has been covered in this publication before, most notably research from iland which argued vendors did not give customers as much support as possible. A quarter (26%) of respondents said the onboarding process took too long, 21% said the onboarding lacked a human aspect, while 18% had bill shock over their support costs.
Elsewhere, more than half (56%) of respondents say the ability to save money is by far the primary reason to use cloud resources.
- » Think of data as the new uranium rather than the new oil – and treat it like it’s toxic
- » Kubernetes as a service: What is it - and do you really need it?
- » Winning the IT availability war: How to combat costly downtime
- » Why cybersecurity needs to focus more on customer endpoints going forward
- » McAfee notes the gap between cloud-first and cloud-only – yet optimism reigns on success