Security is a relatively low priority for many cloud service providers, according to Security of Cloud Computing Providers, a new study conducted by the Ponemon Institute. Cloud providers and customers also have widely differing views on who’s most responsible for securing sensitive data, the study found.
Less than 30 percent of the 127 U.S. and European vendors surveyed said they considered security one of their “most important responsibilities,” according to the study. In addition, 62 percent of U.S. respondents and 63 percent of European respondents said they were either not confident or not sure that their services adequately protected customer information.
Such findings are surprising, given the well-publicized risks associated with the loss of sensitive data, according to a blog post by Dr. Larry Ponemon, the Institute’s president.
Many cloud vendors also don’t believe security is an important factor in how customers choose providers. Just 19 percent of American and 18 percent of European respondents said they considered security to be a competitive advantage. The top reasons customers migrate to a cloud environment include cost reduction, faster deployment time, and improved customer service, according to respondents.
Vendors and users also appear to have different perspectives on who should be most responsible for security in the cloud. Sixty-nine percent of providers believe customers are mainly responsible for security; in contrast, 35 percent of cloud users consider themselves responsible for security, according to an earlier Ponemon study. In addition, just 16 percent of cloud providers, compared to 33 percent of customers, believe security should be a shared responsibility.
Given the risks associated with losing sensitive data, however, “it is only a matter of time” before organizations will “demand enhanced security systems,” according to Dr. Ponemon's statement.
In the meantime, cloud customers should be aware of their responsibility to asses security risks before placing data in the cloud, he said. They must thoroughly "vet providers and their applications and infrastructure for their ability to safeguard information.” More cloud services providers and customers should also consider sharing responsibility for security, he said.
Graphic by Michigan Municipal League (MML)/Flickr