Research: Cloud Security: Verify, Don't Trust

Aug 09, 2012


Research: Cloud Security: Verify, Don’t Trust

A common question about the cloud is whether it’s more or less secure than a ­corporate data center. That’s an interesting question—and also the wrong one to ask. ­Instead, ­customers and potential customers of cloud services, whether IaaS, PaaS, SaaS or some other acronym, need to ask whether a cloud provider’s controls align with the amount of risk a customer is willing to take with its data.

Most cloud providers would say, “Trust us, we’re secure.” But you don’t have to (and shouldn’t) take them at their word. A variety of options are available for customers and ­potential customers to assess a cloud provider’s controls: basic questionnaires, standardized reports, technical audits, vulnerability scans and full-blown penetration attempts that put a cloud provider’s security to the test.

We’ll look at the options available to IT pros, outline the pros and cons of each and help you choose the best approach for deciding whether a cloud provider will take the same (or better) care with your data as you would. It’s not an easy task, but it’s a lot better than cleaning up the mess after a breach. (R5080812)

Survey Name  InformationWeek 2012 Cloud Security and Risk Survey

Survey Date  June 2012

Region  North America

Number of Respondents  369

Purpose  To examine IT professionals’ attitudes toward cloud security risks.

Methodology  InformationWeek surveyed 369 business technology decision-makers at North American organizations. The survey was conducted online, and respondents were recruited via an email invitation containing an embedded link to the survey. The email ­invitation was sent to qualified InformationWeek subscribers.

Research Report