Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, April 08, 2010

Cloud computing risks outweigh benefits, survey finds

A new survey is finding a continued level of angst among IT professionals administering cloud computing projects within their organizations.  The survey of more than 1,800 U.S.-based IT professionals found that 48% said Software as a Service (SaaS) and cloud computing risks outweigh the benefits.  The survey was conducted by Rolling Meadows, Ill.-based Information Systems Audit and Control Association (ISACA), the IT security governance organization that administers security certifications.

Business leaders at enterprises have been moving the organization to cloud computing to cut costs by outsourcing the management of IT infrastructure.

The down economy has driven many firms to consider cloud-based services, including utility-type computing offered by Amazon’s EC2 utility service and Microsoft’s Azure cloud computing platform.

The risks identified included the ability of hackers to infiltrate cloud computing platforms and use the cloud infrastructure to attack other machines as well as insecure application programming interfaces (APIs) that can leave holes that lead to data leakage.  Robert Stroud, vice president of ISACA, said the survey results shouldn’t be surprising given that IT professionals, especially members of ISACA, take a cautious approach to new technologies and carefully measure cloud computing risks, he said.  “A good training regime and process automation can go a long way towards making risk a consideration, but also making it be accepted,” said Stroud, vice president of IT service management strategy at New York-based CA Inc. said.

Only 10% of respondents’ organizations plan to use cloud computing for mission-critical IT services and one in four (26%) do not plan to use it for any IT services.

“For mission critical data we’re just starting on that journey,” Stroud said.

Regulations, standards obstruct cloud adoption Compliance is a major hindrance causing enterprises to take a slow approach to many cloud-based projects, said Jim Reavis, co-founder and executive director of the Cloud Security Alliance.  About half of those surveyed said IT risk and compliance related projects will receive roughly the same investment in 2010 as in 2009.  For example, the group has worked with the PCI Security Standards Council to develop a framework—a cloud controls matrix—to determine a reasonable set of controls that a cloud-based provider must implement versus the controls that must be implemented by the enterprise.,289142,sid14_gci1508319,00.html?track=sy160&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+techtarget%2FSearchsecurity%2FSecurityWire+%28SearchSecurity+%3A+Security+Wire+Daily+News%29

Posted on 04/08