Last year, Ponemon Institute and Thales e-Security comprehensive study reported how organizations influence the spread of cloud computing security measures and how to manage the risks. This year, more than 4,000 organizations participated in the survey showed more organizations have already putting sensitive data in the cloud.
But, the adoption of cloud based services is still immature in terms of security and privacy, reveals the survey. Over half of respondents (53%) stated that their organizations currently transfer confidential data in the cloud, but only 30% of them said they were unaware of how their cloud provider protects data.
The results indicate an immature state and immaturity give rise to illusions. The proportion of organizations using the cloud for sensitive data is five times higher than people would have thought. It is equally surprising that there is a significant increase in respondents’ confidence in the ability of cloud providers to protect sensitive and confidential data entrusted to them.
Nearly 56% of respondents said they were confident, up from 41% a year ago, but most do not know how we protect your cloud provider, and 35% feel that the use of low cloud their responsibility in security.
Another indicator of the immaturity among organizations on cloud adoption is that there is still no standard to describe the security of cloud and no standards or certifications to show how safe is cloud service.
The study also revealed that organizations that transfer sensitive or confidential data in the cloud, 33% believe cloud provider is responsible for protecting data. The stats also reveal that participants believe cloud security responsibility lies with cloud consumer and about four times the number who considers that security is a shared responsibility.
However, it seems companies have started to recognize that software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS) are different. The survey results show that most SaaS users (60%) and those PaaS (38%) see the cloud provider primarily responsible for protecting sensitive and confidential data, while most IaaS users (41%) users see the cloud as the main responsible in this regard.
The report said that it is important to develop an industry standard communication about security, so users should adopt cloud informed decisions. Organizations like the Cloud Security Alliance (CSA) has a key role in identifying security requirements and offering cloud consumers a standard checklist for assessing cloud security services. As an initiatives, European Commission have started examining specifically the issue of protection of personal data in order to include relevant security in cloud contracts with an aim to provide a working model suitable for all situations.