Who should look after cloud data – the CSP or the end user? Execs undecided
The debate over whether the end user or the cloud service provider (CSP) should be responsible for data security has been reopened after new research from Armor and Ponemon Institute proved inconclusive.
The survey, which quizzed 990 US and UK-based CIOs, CISOs and directors of IT operations, found almost a third (31%) expect their cloud provider to keep SaaS applications secure, while 20% believe the customers are more responsible and only 16% argue it is a shared responsibility.
While 15% of organisations polled believe the IT security team should be most accountable for securing SaaS applications, 60% admit IT security is rarely or never involved when it comes to evaluating cloud services.
Not surprisingly, 79% of respondents say security is important always or most of the time, while three quarters (74%) see similarly with regards to compliance. Yet only a third (33%) of respondents express confidence in meeting security objectives in the cloud.
So is this issue related to the lack of consensus over cloud security responsibility? Dr. Larry Ponemon, founder of Ponemon Institute, believes so. “The fact there’s so much confusion about how to properly secure and understand compliance mandates isn’t surprising considering most organisations today still aren’t sure who – internally – should be managing security for the cloud,” he said.
“It’s my hope that organisations will review this report and look in the mirror to see if they’re part of this group that is still allowing for so much confusion when it comes to secure cloud implementations,” he added.
The imbroglio between cloud providers and their customers has been covered in this publication before, most notably research from iland which argued vendors did not give customers as much support as possible. A quarter (26%) of respondents said the onboarding process took too long, 21% said the onboarding lacked a human aspect, while 18% had bill shock over their support costs.
Elsewhere, more than half (56%) of respondents say the ability to save money is by far the primary reason to use cloud resources.
- » Skybox and Zscaler team up for stronger cloud firewall integration
- » StackRox and Skybox reports warn of dire consequences if container security is not addressed
- » What’s in your cloud? Key lessons to learn after the Capital One breach
- » How public cloud will become the driving force for connected cars
- » The state of the MSP in 2019: Why flexibility and further moves to the cloud are key