Report: Cloud Security Still a Work in Progress

Cloud computing strategies have only been on corporate IT radars for a few years now, but during the time, the way those teams perceive, procure and regulate the technology has changed significantly. The latest Ponemon Institute report details widespread progress since the release of its 2010 predecessor, but it seems companies are still figuring out the finer points of how to adapt data security solutions to virtual environments.

According to Ponemon researchers, companies have grown more diligent and confident in applying cloud security best practices during the intervening years between studies. Progress is a relative term, however. While there were genuinely encouraging indicators to be found, only half of all survey questions involving data protection protocols, cloud service confidence and technical knowledge were "affirmative."

"While cloud computing is still one of the most disruptive and promising trends of the past decade, our study shows that cloud security struggles to get past a grade of 50 percent when it comes to best practices, including the percentage of organizations that say they engage their security teams in determining the use of cloud services [across the company]," CA Technologies security manager, and survey sponsor, Mike Denning explained. "We believe that organizations can do better and gain the benefits of cloud computing by reducing risk and achieving that desired balance of protection and business enablement."

Division of duties
One of the most prevalent sticking points in data security assurance programs was how companies collaborated with their cloud hosting partners. While the ethic of shared responsibility has been trumpeted around IT discussion boards and industry events, a surprising number of survey respondents were actually seen passing the buck to end users and cloud providers. Just 8 percent of respondents directly assigned oversight duties to IT security teams within Software-as-a-Service operating models. By comparison, 36 percent and 31 percent felt those responsibilities resided primarily with the third-party provider and end user, respectively.

These missed connections could trigger serious security breaches if left untreated while workloads swell, according to Dark Reading. In fact, a number of companies are still struggling to verify the efficacy of such basic governance tasks as user authentication and access control.

To root out these vulnerabilities before information management tasks grow even taller in the coming months and years, IT teams should explore the value of cross-platform data encryption software which can protect assets across all stages of the corporate communications lifecycle.