InformationWeek Reports, a service provider for peer-based IT research and analysis, has announced the release of its latest research report titled 'Cloud Security: Verify, Don't Trust.' The report analyses results from InformationWeek's 2012 Cloud Security and Risk survey. More than 360 business technology professionals responded to this poll.
InformationWeek asked respondents to share their attitudes about cloud security and their approaches to assessing provider security controls, including the use of technical audits, vulnerability assessments and penetration tests. Survey participants were also asked about IT's use of auditing reports and documentation such as the SSAE 16 and the Cloud Security Alliance's CAIQ.
About 55 percent of respondents that use or plan to use or are considering cloud services say unauthorised access to or leak of proprietary data is a top concern, trumping issues such as performance and vendor lock-in. About 20 percent say cloud providers have superior security controls. Other findings reveal that 35 percent perform or plan to perform vulnerability assessments of cloud providers; another 5% do so or will do so even though their contract with the provider forbids it. About 28 percent run or will run at least one mission-critical application in the cloud.
The report author, Michael Davis, is CEO of Savid Technologies, a security consulting firm. The report is available online for members to download at http://reports.informationweek.com/abstract/5/8978/Cloud-Computing/research-cloud-security-verify-don-t-trust.html?cid=rpt_press_rls
