According to a recent report sponsored by CA Technologies and conducted by the Ponemon Institute, a privacy and security group, less than half of software-as-a-service users and platform-as-a-service users in the United States (45% and 46% respectively) say they looked closely at their vendor's security arrangements before signing on. The report, which examines the security and privacy implications of cloud computing, is based on a survey of 642 U.S.-based and 283 European IT "practitioners."
Europe comes off a little better: more than half of SaaS and PaaS users overseas (61% and 52%, respectively) say they checked out their service providers' security set up. And both groups seem to know better when it comes to infrastructure-as-a-service, with 51% in the U.S. and 66% in Europe checking on security arrangements before contracting for infrastructure services. Perhaps that's because tapping a third party for infrastructure services is a more familiar maneuver and the security implications are more obvious.
Security is emerging as one of cloud computing's most consequential and troubling issues. IT managers, or anyone contemplating employing cloud computing resources, can't simply ignore it or abdicate responsibility for it to the service provider. In a checklist of issues to be resolved, security should be near the top.Security is one of the most fundamental and important functions in IT today. That's why it's surprising (shocking, even) that a significant, in some cases majority, of cloud users don't evaluate their service providers' security strategy before entering into a relationship.