Providers of cloud computing services and their clients are not very concerned about the security of the data stored in the cloud, says a report by the Ponemon Institute.
The study—“Security of Cloud Computing Providers Study”—says the majority of cloud computing providers do not consider security of the data stored in their systems as one of their most important responsibilities, and their products or services do not substantially protect and secure the confidential or sensitive information of their customers.
The study also found that a majority of cloud providers believe it is the responsibility of users to secure the cloud and not the responsibility of cloud providers, according to the study. Providers of cloud services also say their systems and applications are not always evaluated for security threats prior to deployment to customers.
In addition, the report says, on average, cloud providers allocate 10 percent, or less, of their operational resources to security. Further, most are not confident that clients’ security requirements are being meet.
Cloud providers say the primary reasons clients purchase cloud resources are to cut costs, and to quickly deploy applications. Further, cloud providers say “improved security” and “compliance with regulations” are unlikely reasons clients chose cloud services.
Because of those finding, Ponemon recommends that cloud users be aware of their responsibility to assess security risks before placing data in a cloud. However, Ponemon predicts that as cloud users become more aware of the risks of not securing the data, they will demand their cloud vendors pay attention to security. Other findings of its study are:
The majority of cloud providers say they do not have dedicated security personnel to oversee the security of cloud applications, infrastructure or platforms.
Providers of private cloud resources appear to attach more importance on security—and have a higher level of confidence in their organizations’ abilities to meet security objectives—than providers of public and hybrid cloud solutions.
While security as a “true” service of a cloud computing service is rarely offered to users, about 33 percent of the cloud providers are considering such solutions as a new source of revenue during the next two years.