June 15, 2011 at 12:02 pm #132908
Title: Security of Cloud Computing Providers Study
Published date: April 2011
I. Executive Summary
CA Technologies and Ponemon Institute are pleased to present the results of the Security of Cloud Computing Providers Study. This paper is the second in a two-part series about the state of security in the cloud. The first study released in May 2010 was entitled, Security of Cloud Computing Users.
The purpose of both studies is to learn how users and providers of cloud computing applications, infrastructure and platforms are addressing the need to safeguard information in the cloud. In Parts I and II of this report (Executive Summary and Key Findings), we present the results of the cloud provider study. In Part III, we compare and analyze the results of the cloud provider and cloud user studies.
Cloud computing has been defined as the use of a collection of distributed services, applications, information and infrastructure comprised of pools of computer, network, information and storage resources. These components can be rapidly orchestrated, provisioned, implemented and decommissioned using an on-demand utility-like model of allocation and consumption.2 Cloud service delivery models are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
We surveyed 103 cloud service providers in the US and 24 in six European countries for a total of 127 separate providers. Respondents from cloud provider organizations say SaaS (55 percent) is the most frequently offered cloud service, followed by IaaS (34 percent) and PaaS (11 percent). Sixty-five percent of cloud providers in this study deploy their IT resources in the public cloud environment, 18 percent deploy in the private cloud and 18 percent are hybrid.
Cloud computing providers: Most salient findings
Following is a summary of the most salient findings from our study of cloud computing providers. We expand upon these findings in the next section of the paper.
* The majority of cloud computing providers surveyed do not believe their organization views the security of their cloud services as a competitive advantage. Further, they do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers.
* The majority of cloud providers believe it is their customer’s responsibility to secure the cloud and not their responsibility. They also say their systems and applications are not always evaluated for security threats prior to deployment to customers.
* Buyer beware – on average providers of cloud computing technologies allocate10 percent or less of their operational resources to security and most do not have confidence that customers’ security requirements are being met.
* Cloud providers in our study say the primary reasons why customers purchase cloud resources are lower cost and faster deployment of applications. In contrast, improved security or compliance with regulations is viewed as an unlikely reason for choosing cloud services.
* The majority of cloud providers in our study admit they do not have dedicated security personnel to oversee the security of cloud applications, infrastructure or platforms.
* Providers of private cloud resources appear to attach more importance and have a higher level of confidence in their organization’s ability to meet security objectives than providers of public and hybrid cloud solutions.
* While security as a “true” service from the cloud is rarely offered to customers today, about one-third of the cloud providers in our study are considering such solutions as a new source of revenue sometime in the next two years.
June 15, 2011 at 12:29 pm #132913
June 16, 2011 at 12:48 pm #132911
That attitude is why I won’t use ‘the cloud’. And it’s only perpetrated by PR that touts the ‘access it anywhere’ aspect and doesn’t touch on the fact that anyone else can too.
In my opinion, anything you put out on the net, ANYTHING, is vulnerable to someone else looking at it. I can’t recall how many programs I have that have ‘X gig of free online storage’ that I will not use. If I want to store something, that’s what flash drives are for, or portable harddrives, or CD/DVD’s.
That said, I can certainly see the benefit of ‘I’ll put your presentation out there Mr Jones, and you can download it when you get to the conference’.
But I think anyone that puts anything on the effect of a ‘shared drive’ needs to realize putting it on the cloud is the same as setting it out on your general network drive at work….theoreticaly ‘anyone’ can access it and it’s about as secure as setting your file out on your front porch.
I give it 3-5 years before some massive and crippling security breach makes these companies do an abrupt 180.
You must be logged in to reply to this topic.