The results of the Eighth Annual Global Information Security Survey were released last week and once again the theme is, ‘we see the value and understand the benefits but still scared about the provider’s ability to secure critical data and IT’s ability to control access to that data. CSO, CIO and PriceWaterhouseCoopers surveyed 12,847 technology and business executives from around the world and 62% of you have little or no confidence in your ability to secure any data in the cloud. 49% have ventured into the cloud but of those, 39% still have major questions about cloud security. Sounds familiar huh? The greatest risk to their own (your own) cloud computing strategy is the ability to enforce security policies at the cloud provider’s site. Inadequate knowledge/training and IT auditing also made the list. If you remember the PhoneFactor survey from last week, the biggest security concern was preventing unauthorized access to company data. Enforce security policy and prevent unauthorized access is almost the same thing. Enforcing a security policy should prevent unauthorized access. There needs to be more specific guidelines as to what types of data are acceptable for the cloud along with how to handle regulatory reporting of data in the cloud.
The CSO survey also found security concerns in regards to ‘third parties’. There is a concern about cloud vendors who use third parties to host data centers and hardware along with serious fears about our third party business partners. The vendor issue has to do with not knowing any of the people hired to work on your systems; with partners, many organizations are concerned that their own security is at risk if their associate’s or partner’s security has taken a hit over the last year. 77% felt that their strategic partners had been weakened by the recession over the last year. If you remember Verizon Business' "2009 Data Breach Investigations Report (pdf)" 32% of the data breaches implicated a business partner and in fact, the majority was due to lax security practices at the connection level from the third-party. In 2009, it was usually the third-party systems that were compromised and the attacker used the trusted connection to make inroads to the target. Since it’s coming from a ‘trusted’ authorized connection, these are difficult to detect and stop. The more things change, the more they stay the same.
Speaking of surveys, Lauren Carlson, a CRM Market Analyst asked me to share her short survey with you. Software Advice, a company that reviews CRM software, is conducting a survey on their blog to see who the real leader is in CRM.
And one from Confucius: Ignorance is the night of the mind, but a night without moon and star.
ps
The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
Resources:
- Survey: Cloud Security Still a Struggle for Many Companies
- Business partners a growing security concern
- Four Indicators That CIOs Are Ready to Embrace Enterprise Cloud Computing
- Cloud computing sparks corporate IT budget growth
- Financial services firms look to cloud, grid, and clusters to allay fears over data explosion
- Cloud Computing Services on the Rise, Survey Finds
- Early Adopters Now Running 60 to 70 Percent of Business Applications in the Cloud
- Can my PAN ride the LAN out the WAN?
- The Domino Effect
Technorati Tags: F5, infrastructure 2.0, integration, cloud computing, Pete Silva, security, business, education, technology, application delivery, cloud, context-aware, infrastructure 2.0, web, internet
twitter: @psilvas
No comments:
Post a Comment