Cloud service providers (CSPs) can no longer treat security as a luxurious add-on, and customers have to ensure their providers take care of the issue, a new report asserts.
The research, the latest cab off the rank from Ovum and FireHost entitled “The Role of Security in Cloud Adoption within the Enterprise”, offers sound advice to vendors and users alike. True, it’s stuff everyone will have heard before – but it’s worth repeating.
“On too many occasions, security has been positioned as an afterthought when new technology initiatives have been brought to market,” Ovum analyst Andrew Kellett writes. “Any service that includes access via public networks cannot ignore user and data protection requirements.”
It’s certainly a view FireHost agrees with. “For too long, businesses have made assumptions about the security of their cloud service providers,” said Eleri Gibbon, FireHost EMEA VP. “In the instance of a data breach, the client suffers the consequences. That doesn’t sit right with me – after all, if your house falls down unexpectedly, you’d expect people to ask questions about how it was built in the first place.”
It’s safe to say too that companies aren’t exactly over-confident in their providers’ ability to put out the fires. Ovum research shows 92% of enterprises globally have concerns with their CSP over shared cloud infrastructure security issues. It’s a similar number with a lack of control over where data is kept (92%) and a lack of visibility into security controls available (91%).
What may be driving this? If the CSP can’t deal with threats, don’t expect the customer to: a recent Informatica and Ponemon Institute study found 60% of global respondents were “not confident” they had the ability to proactively respond to cloud-based data threats.
However, not all is lost. Kellett argues security should be seen as a “positive driver” for organisations. “Despite well-known security and compliance concerns, there are positive to be gained from working with a cloud-based service provider that includes security and compliance facilities as baked-in components of its overall service delivery model,” he wrote.
“All cloud solutions should be expected to include elements of security as part of the overall offering, but not all cloud security has been created equally or built to achieve the same levels of protection,” he added.