Cloud Computing Security Issues

eWeek reports: A new survey of IT professionals has painted a troubling picture of enterprise approaches to cloud computing security.

According to the survey, which was done by Symantec and the Ponemon Institute, many organizations are not doing their due diligence when it comes to adopting cloud technologies, which may partly be due to an ad hoc delegation of responsibilities.

Among the findings: few companies are taking proactive steps to protect sensitive business and customer data when they use cloud services. According to the survey, less than 10 percent said their organization performed any kind of product vetting or employee training to ensure cloud computing resources met security requirements before cloud applications are deployed.

In addition, just 30 percent of the 637 respondents said they evaluate cloud vendors prior to deploying their products, and most (65 percent) rely on word-of-mouth to do so. Fifty-three percent rely on assurances from the vendor. However, only 23 percent require proof of security compliance such as regulation SAS 70.

The researchers speculated this may be due to a gap between the people employees think should be responsible for evaluating cloud vendors and who actually is. For example, 45 percent said that responsibility resides with end users, while 23 percent said business managers. Eleven percent said the burden belonged to the corporate IT team, while nine percent said information security.

However, a total of 69 percent said they would prefer to see the information security (35 percent) or corporate IT teams (34 percent) lead the way in that regard. Most often, security teams are not part of the decision-making process at all when it comes to the cloud. Only 20 percent said their information security teams played a part on a regular basis, and 25 percent said they never do.