A recent IDG Enterprise cloud study suggests that organizations are finally getting over some long-held reservations about cloud security, but they also want vendors to be more transparent about the controls they use to protect customer data in the cloud.
About 75 percent of the nearly 1,700 IT managers polled in the IDG survey said they were somewhat to very confident in the security of information they have in the cloud, a number roughly the same as the previous year. However, nearly 6 out of 10 of the same respondents also said they could not embrace the cloud more fully until service providers show they meet corporate compliance requirements.
In other words, IT managers appear willing to trust cloud vendors with their data, but they want to be able to verify that the trust is not misplaced.
The attitude is not surprising considering the high number of data breaches that have been reported in recent times. The incidents have significantly heightened concerns about the adequacy of the security controls and processes being used by enterprises to protect data, both on premise and in the cloud.
So, even as organizations appear more ready than ever to embrace the cloud, many remain worried about their ability to enforce security requirements at the provider’s site. For more than 6 out of 10 enterprises, security still remains the biggest impediment to deploying cloud applications.
The survey shows clearly that cloud computing technology vendors need to be more transparent about their security practices if they want to become a trusted partner to enterprises in this environment. It is not enough for vendors to merely attest to their security controls; they also need to be able prove it.
Nearly two-thirds of the survey takers said they want regular security updates from their cloud provider. About 60 percent want to see vendors implement continuous monitoring and access control policies over customer accounts, while almost the same percentage said they want to see cloud vendors incorporate security into their system development lifecycle.
Service providers can help sell the benefits of cloud computing to internal stakeholders, while mitigating security concerns, through several practices, such as allowing onsite audits, adopting industry standards, conducting background checks on employees, or maintaining interoperability with existing enterprise security controls.
Big organizations are clearly in a better position to demand such transparency from cloud vendors than their smaller and medium-sized counterparts. But cloud providers would be well served by proactively offering such transparency to all prospective customers. With so many organizations seeing security as critical to cloud adoption, greater transparency could become a competitive differentiator for cloud vendors.