A hazy view of cloud security

* More than three-quarters of the respondents in a recent survey couldn't say who they believe should be responsible for data housed in a cloud environment

A recent survey of 384 business managers from large enterprises revealed that confusion abounds about cloud data security. More than three-quarters of the respondents couldn't name a single party they believe should be responsible for data housed in a cloud environment: 65.4% said that the company from which the data originates, the application provider and the cloud service provider are all responsible, and another 13% said they were not sure. There was no consensus on which single party should protect that data.

Courion conducted the global survey in October, querying 384 business managers from large enterprises -- 86% of which had at least 1,000 employees. Among the other findings:

* 1 in 7 companies admit that they know there are potential access violations in their cloud applications, but they don't know how to find them.

* There is widespread confusion about who is responsible for securing cloud data -- 78.4% of respondents could not identify the single party responsible.

* Nearly half (48.1%) of respondents said they are not confident that a compliance audit of their cloud-based applications would show that all user access is appropriate. An additional 15.7% admitted they are aware that potential access violations exist, but they don't know how to find them.

* 61.2% of respondents said they have limited or no knowledge of which systems or applications employees have access to. This number spiked from 52.8% in 2009.

* Enterprises are less confident this year than in 2009 that they can prevent terminated employees from accessing one or more IT systems: 64.3% said they are not completely confident, compared with 57.9% last year.

These are frightening results. Business managers don't know who is responsible for protecting their data -- they don't even know who should be responsible. It's quite possible, given these results, that no one is taking on that responsibility!

It isn't only the data stored in the cloud that is at risk, of course. Any data linked to cloud-based applications is also at risk. Organizations need to know who is responsible for protecting that data and how it is being done. And that all starts with robust identity services so that only authorized persons get access and all access can be tracked back to the user.

Who's protecting your data?

Copyright © 2010 IDG Communications, Inc.