New research released today by enterprise cloud hosting provider iland has revealed almost half (47%) of security workers “simply trust” their cloud providers to meet security agreements.
The findings, from 100 IT decision makers and security experts, appear in a study whose title – ‘Blind Trust is Not a Security Strategy: Lessons from Cloud Adopters’ – lays the problem on thick. Even though 78% of firms polled are using the cloud in some capacity, and more than half (56%) of respondents say security technology is more consistently applied in the cloud, the report insists vendors need to do more to keep things safe.
This will not come as a major surprise to regular readers of this publication, with a study released in June last year from iland saying largely the same thing. Back then, the finger was pointed at rogue vendors not sharing metadata with customers. Customers, ranging from one third to half of respondents, had various concerns over how closely their provider looks after them – the idea that they were ‘just another account number’.
Customers are not immune either however; the research also found a ‘significant’ gap in IT understanding of compliance requirements, with 96% of security professionals admitting their firms have compliance-related workloads in the cloud compared to just 69% of IT teams. David Monahan, research director of security and risk management at Enterprise Management Associates, who conducted the study with iland, argues a lack of staff and skills are holding firms back. “Companies can no longer combat security threats by simply throwing technology at perceived vulnerabilities,” he said.
On the plus side, business and IT are more likely to be on the same page with regard to cloud security, and if IT is reluctant to push a new application because of security fears. iland calls this a ‘fundamental shift in dynamics’, yet Monahan added: “While IT has made monumental progress in identifying and adopting necessary security technologies, cloud providers must do more to ensure teams can easily validate claims, manage disparate tools, anticipate threats and take action when needed.”