No doubt about it, cloud security has steadily improved over the years. If you did doubt it, a recent study by the Ponemon Institute, “Security of Cloud Computing Users 2013,” found that IT professionals believe there has been an improvement in cloud security since a 2010 study that researched the same topic. That’s good news, […]
No doubt about it, cloud security has steadily improved over the years. If you did doubt it, a recent study by the Ponemon Institute, “Security of Cloud Computing Users 2013,” found that IT professionals believe there has been an improvement in cloud security since a 2010 study that researched the same topic. That’s good news, especially for those who have balked about moving corporate data to the cloud because of the security concerns.
Top 10 Issues Eroding Cloud Confidence
Still, there are a lot of questions about cloud security that even professionals struggle to answer, and one of those questions is who is responsible for the security in the cloud. According to an article posted to ISS Source:
The survey shows a concerning lack of agreement remains regarding who has responsibility for cloud security. While some organizations expect their cloud services providers to ensure the security of Software as a Service (SaaS) and Infrastructure as a Service (IaaS) applications (36 percent and 22 percent, respectively), responsibility also goes out to companies’ end users (31 percent for SaaS; 21 percent for IaaS), and very little responsibility went to IT security (eight percent for SaaS and 10 percent for IaaS). This relinquishment of responsibility points to a lack of clarity around ownership, which may lead to gaps in security processes and governance.
Who is responsible for cloud security is a question that comes up frequently in conversations and cloud forums that I visit, and the study’s results mirror most of those conversations. Cloud security is complex because of all the different players involved. I think it is interesting how much responsibility for security is given to the end user and how little lies within IT security. I suspect that BYOD has a lot to do with that, since a growing number of employees access the cloud via their personal mobile devices.
In my opinion, we shouldn’t look at cloud security in terms of who is responsible or who owns it, but rather, how is it best shared? Yes, end users need to be responsible for making sure their devices are protected and that they are engaging in security best practices. IT security professionals need to make sure that the links between data in the cloud and those using the network are secure. Cloud providers must own up to protecting their servers and clients from hackers. Would cloud security improve if we begin to think of it as a joint responsibility instead of pointing fingers at someone else?
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
