Insecure Cloud Services As Providers Focus on Low-cost, Fast Solutions

Jay Decenella, IT audit expert
May 04, 2011 /

Cloud services providers often neglect security as customers’ demand for low cost and fast solutions weighs more on their priorities, according to a study published by the New York-based IT services firm CA Technologies.

Cloud computing services, whose revenue is projected by accounting firm KPMG to hit $148.8 billion globally by 2014 from $68.3 billion in 2010, provide computational resources like applications, databases, and file services among others,  through a network of computers.

A total of 127 cloud services providers, 103 in USA and 24 in six European countries, responded to the CA-sponsored survey conducted recently by Ponemon Institute LLC, saying they could not give assurance of sufficiently secure products or services.

Majority of the respondents view their cloud services as void of protective features for sensitive data. Only a few of them strongly believe their IT leaders give importance to the security of cloud computing provided to customers.

The study shows that only 19% of service providers in USA and 18% in Europe consider security in the cloud to be a competitive advantage in the market, which may explain why there is little concern being given to it by most IT professionals.

On top of these findings, 79% of respondents admit their organizations allocate only 10% or less of their resources to IT security and control-related activities. These cloud services providers believe their customers are not entirely after the security features of the products or services.

Asked why they would purchase cloud services, the end-users cited reduced cost, faster deployment time, improved customer service and increased efficiency as the top reasons. There was little or no mentioning of security and compliance with contractual agreements or policies.

CA Technologies says these priorities, in turn, create a “security hole”. This explains why 62% of US and 63% of European cloud providers have no confidence in the security of their cloud applications.

The study is the second in a two-part survey and revolves around the behavior of cloud services providers. The first study was published in May 2010, which focused on users of the cloud.

Comparing the two studies, CA Technologies concludes that “neither the company that provides the services nor the company that uses cloud computing seem willing to assume responsibility for security in the cloud.”

Cloud computing users are not vigilant in conducting audits or assessments of cloud computing providers before deployment, adds the IT services firm.

Based on the two surveys conducted, both the cloud users and providers are hurling against each other the responsibility of ensuring security in the cloud. As a result, the users are frustrated that decisions of using cloud applications lie in the end-users who may not have enough expertise to evaluate security risks.

“These different perceptions between cloud providers and cloud users about who is responsible for securing the cloud means organizations may be over relying on their cloud vendors to ensure safe cloud computing,” the firm noted.

CA also advised the cloud services providers and users to work together to create “a secure and less turbulent computing environment.”


Share your opinion