Symantec Study Shows Lack of Procedures, Policies for Cloud Security
A recent study by Symantec Corp. of IT professionals revealed that most companies have a long way to go to ensure that data placed in the cloud remains secure.
The survey of some 637 senior-level IT professionals employed at businesses ranging in size from 1,000 to 25,000 employees, conducted by the Ponemon Institute, a Traverse City, MI-based researcher specializing in information security, indicated that many organizations lack the procedures, policies and tools necessary to secure data in the cloud.
Only 27 percent of survey participants said that the companies for which they work have put in place procedures to approve cloud applications that use sensitive or confidential information.
Specifically, the study revealed that only 23 percent of the organizations surveyed required vendors to provide proof of security compliance and a mere six percent relied on third-party assessments by experts or auditors.
The study also showed that only 20 percent of businesses involve their security teams in the decision-making process when evaluating cloud computing vendors.
"Despite widespread interest in cloud computing technologies, many organizations are 'flying blind' with respect to making them secure, potentially putting their business operations, company data and customer information at risk," said Justin Somaini, Symantec chief information security officer.
In other findings from the study, only 19 percent of respondents said that their organizations provided data security training that included cloud computing. Forty-two percent said that their company's general data security training does not cover cloud applications.
Researcher Ponemon suggested that, given the expected growth of cloud computing, the results point to a curious lack of concern by businesses for the security of sensitive and confidential data residing in the cloud.
"Cloud computing holds a great deal of promise as a tool for providing many essential business services, but our study reveals a disturbing lack of concern for the security of sensitive corporate and personal information as companies rush to join in on the trend," said Larry Ponemon, chairman and founder of the Ponemon Institute.
Ponemon recommended that, to address security concerns, companies should build and implement policies and procedures to screen and qualify cloud computing vendors.
"Cloud computing vendors must also be willing to adopt a more transparent posture," Ponemon said.