Public cloud customers concerned about security challenges - Study

A new Cloud Security Alliance (CSA) study, named “Sensitive Data in the Cloud,” has revealed that most global organizations are not fully confident in the effectiveness of their security controls in the public cloud.

 

The report, sponsored by Anjuna Security, is compiled from interviews with 452 IT and security professionals from various organization sizes and locations.

 

It revealed that more than 67% of respondents now use public cloud service providers to store sensitive data or workloads (CSPs). Although most respondents said they find CSP security controls to be somewhat (51%) or highly (38%) effective, this is not the case for their tooling.

 

Forty-four percent of respondents claimed they are only “moderately” confident. In contrast, 31 percent said they are not at all or slightly confident in their ability to protect sensitive data in the cloud.

 

This is significant, according to experts, because security in the cloud is a shared responsibility, meaning CSPs will only cover particular assets, procedures, and functions. According to the CSA, in an IaaS or PaaS model, the customer is still in charge of protecting any data, application logic and code, identity and access, and other elements.

 

The stress on internal cloud security efforts is also a result of skill shortages and gaps. Over 2.7 million workers are currently needed worldwide, with 402,000 of those needed in North America, 199,000 in Europe, and 33,000 in the UK.

 

According to Hillary Baron, senior technical director for research at the CSA, businesses are increasingly putting aside their initial concerns about the cloud and its alleged security flaws and storing their sensitive data in public cloud environments.

 

Baron continued by saying that, generally speaking, businesses are unsure of their capacity to safeguard sensitive data in the cloud. By bringing these problems to light, we can identify solutions and eventually bridge the gap between organizations’ lack of faith in CSP security controls and their perceived effectiveness in protecting sensitive data in the cloud.