#CloudSec13

What You Haven't Heard (Yet) About Cloud Security

Andrew Hay, Chief Evangelist, CloudPassage, Inc.
Wendy Nather, Research Director, Enterprise Security, 451 Research
Session Agenda
• Cloud security trends and observations from 451 Research

• Current cloud adoption trends and future individual and organizational expansion

• How people are securely delivering applications using cloud architectures
Trends in Cloud Security
Wendy Nather, Research Director, Enterprise Security
Cloud forecast: Relatively sanguine
Large numbers of enterprises using some form of cloud services

Most say they’re concerned about security

And yet …

Most don’t plan to use security!
Security Requirements for Cloud
What security-related requirements did you or will you require of your cloud computing? Please include certifications, qualifications, frameworks, and functionality in your response.*

  Informal Due Diligence               25%
  Datacenter Certification             13%
  SSAE 16                               6%
  PCI                                   6%
  Formal Risk Assessment                6%
  CSA                                   6%
  Contractual Security Requirements     6%
  Agreement to SLAs                     6%
  None                                 38%

n=16. *Note that due to multiple responses per interview, totals may exceed 100%.
Source: TheInfoPro, a service of 451 Research (Daniel Kennedy, dkennedy@theinfopro.com)
Application Hosting ‘in the Cloud’: Finance and HR Systems
How concerned is your organization about the security of these types of applications running ‘in the cloud’, where cloud in this context denotes external hosting?

                          Finance Systems    HR Systems
  Extremely Concerned          50%              46%
  Very Concerned               21%              31%
  Somewhat Concerned       (not shown)           8%
  Minimally Concerned          29%              15%
  Not at All Concerned     (not shown)      (not shown)

Left Chart, n=14; Right Chart, n=13.
Source: TheInfoPro, a service of 451 Research, Information Security Wave 15 (Daniel Kennedy, dkennedy@theinfopro.com)
Application Hosting ‘in the Cloud’: ERP Solutions and Email
How concerned is your organization about the security of these types of applications running ‘in the cloud’, where cloud in this context denotes external hosting?

                          ERP Solutions      Email
  Extremely Concerned          36%            23%
  Very Concerned               36%            31%
  Somewhat Concerned            9%            23%
  Minimally Concerned           9%             8%
  Not at All Concerned          9%            15%

Left Chart, n=11; Right Chart, n=13.
Source: TheInfoPro, a service of 451 Research, Information Security Wave 15 (Daniel Kennedy, dkennedy@theinfopro.com)
Application Hosting ‘in the Cloud’: Database/Data warehouses
How concerned is your organization about the security of these types of applications running ‘in the cloud’, where cloud in this context denotes external hosting?

                          Database/Data warehouses
  Extremely Concerned              23%
  Very Concerned                   46%
  Somewhat Concerned                8%
  Minimally Concerned               8%
  Not at All Concerned             15%

n=13.
Source: TheInfoPro, a service of 451 Research, Information Security Wave 15 (Daniel Kennedy, dkennedy@theinfopro.com)
Types of Cloud-based Security Services: Part 1
Including those delivered by MSSPs, what types of cloud-based security services are you using today?

  Intrusion Detection/Prevention, Firewalls, VPNs Based on SSL, or Wireless Security
    Using                         14%
    In Plans for Next 18 Months    7%
    Not in Plan                   79%

  Content Filtering, Secure Email, or Anti-virus/Anti-Spam
    Using                          7%
    In Plans for Next 18 Months   29%
    Not in Plan                   64%

Left Chart, n=14; Right Chart, n=14.
Source: TheInfoPro, a service of 451 Research, Information Security Wave 15 (Daniel Kennedy, dkennedy@theinfopro.com)
Types of Cloud-based Security Services: Part 2
Including those delivered by MSSPs, what types of cloud-based security services are you using today?

  Security Information Event Log Management (SIEM), or Vulnerability/Risk Management
    In Plans for Next 18 Months    7%
    Not in Plan                   93%

n=14.
Source: TheInfoPro, a service of 451 Research, Information Security Wave 15 (Daniel Kennedy, dkennedy@theinfopro.com)
Who, what and why …
More organizations are moving to cloud

- Well-defined, granular business operations that go well with SaaS
  - CRMs (hello Salesforce!)
  - Email
  - Office-like applications
  - Human resources
  - Payroll

- Disposable, clonable uses
  - Development and testing
  - Honeypots and honeyclients
  - Data processing and analysis
What’s going to be slower
Legacy stacks

Distributed systems with multiple owners
  - Governance issues
  - Getting the right level of multi-tenancy
  - Version drift and overall inertia

http://www.shaldon-devon.co.uk
What’s more likely
More aging-out of legacy systems and greenfield migration to new ones (particularly pre-packaged IaaS, PaaS and SaaS)

Changing business processes to fit into cloud (hello Procrustes!)

Why?
Because the cloud has more economies of scale and better security when there are fewer options.
How to mitigate the risk

  Risk from dynamic environment    Well-documented, secure VM lifecycle
  Risk from larger scale           Build fail-safes into your fail-safes
  Dormant VM risk                  Authentication, encryption
  Shared risk                      Well-documented processes, contracts
  Unknown risk                     Visibility (real-time & historical)
The Security and the Cloud 2012 Survey
• Started on August 10th, 2012

• Questions about current cloud usage, future deployment plans, and security and compliance related concerns

• Asked to identify the types of cloud, virtual, and physical compute architectures currently in use
Total Number of Servers

Number of servers in organization

“More than half (55.3%) of respondents own and operate between 101 and 5,000 servers – a range often representing the typical enterprise organization server deployment spread.”
– Andrew Hay, CloudPassage, Inc.
Cloud Adoption Breakdown

Breakdown of cloud hosting environments being used

“The majority of respondents claim that they only have between 1 and 25 percent of their servers in public cloud architectures – a modest 10.1% increase compared to public cloud architecture deployment for the same range.”
– Andrew Hay, CloudPassage, Inc.

Which cloud environment did you use first?

“The majority of respondents (52.2%) claimed that private cloud was their first cloud architecture while only 28.9% claimed public cloud.”
– Andrew Hay, CloudPassage, Inc.
Cloud Adoption

Server Breakdown
Percentage of servers in use, by compute environment

How Public Cloud Servers Are Used


How do you use your public cloud servers today?




“The top 3 public cloud use cases, based on responses, appear to be the deploying of external applications (25.9%), the deploying of internal applications (22.4%), internal development and testing (20.9%).”
– Andrew Hay, CloudPassage, Inc.

Single Biggest Cloud Use Case

“If we were to remove the ‘we do not host applications in public cloud environments’ answers, in addition to ‘other’, the data points to 41% of respondents claiming that the deploying of external applications is their single biggest concern.”
– Andrew Hay, CloudPassage, Inc.

How Public Cloud Servers Will Be Used

How will you use your public cloud servers in 2013?




“The only category due to decrease over the next year is the ‘we do not host applications in public cloud environments’ answer.”
– Andrew Hay, CloudPassage, Inc.

Who Oversees Cloud Security?

Who oversees cloud security in your organization?




“The majority of respondents (25.9%) claimed that central systems administrators, infrastructure or DevOps professionals oversaw cloud security within their organization.”
– Andrew Hay, CloudPassage, Inc.

Cloud Security Concerns in 2012

Concerns about public cloud hosting
Cloud Security Concerns
Single Greatest Cloud Security Concern
Concern change, 2011 to 2012

“In 2011 we saw 16.4% state they had no concerns but in 2012 the percentage of respondents that selected this answer was a mere 7%. We attribute this to a combination of education about security challenges in cloud environments and an increase in the number of high profile breaches since our 2011 survey.”
– Andrew Hay, CloudPassage, Inc.

Best ‘Other’ Comment

Q: What is your absolute greatest security concern about the public Cloud?

A: Clouds are for angles

“One respondent claimed that they didn’t use a cloud as ‘clouds are for angles’ – which we believe was either a typo or some sort of existential geometry argument that we simply don’t understand.”
– Andrew Hay, CloudPassage, Inc.

The Survey: Key Findings

   – 4 out of 5 respondents stated that their companies are actively using cloud architectures
   – Concerns about multi-tenancy, the lack of perimeter defenses and/or network controls, and provider access to guest servers show significant decrease since our 2011 survey

The Survey: Key Findings

   – Business critical applications are now running in the public cloud with publicly facing applications leading amongst all other use cases
   – The biggest growth area for 2013 appears to be in the utilization of public cloud for variable workload bursts with a projected 70% increase in deployment

The Survey: Key Findings

   – Concerns for compliance with PCI and other standards in public cloud remain high
   – Users are becoming smarter about security in cloud environments with nearly 80% stating that they are aware that the security of their servers is not the sole responsibility of their cloud service providers
The Survey: Findings
Examine The Findings For Yourself




 cloudpassage.com/resource-center/get/security-and-the-cloud-2012
Questions?



         Wendy Nather                         Andrew Hay
Research Director at 451 Research   Chief Evangelist at CloudPassage
          @451wendy                         @andrewsmhay
Thank You
www.cloudpassage.com
  @cloudpassage

More Related Content

Similar to What You Haven't Heard (Yet) About Cloud Security

Ponemon survey cloud security webcast
Ponemon survey cloud security webcastPonemon survey cloud security webcast
Ponemon survey cloud security webcast
Dome9 Security
 
State of Web Application Security by Ponemon Institute
State of Web Application Security by Ponemon InstituteState of Web Application Security by Ponemon Institute
State of Web Application Security by Ponemon Institute
Jeremiah Grossman
 
The software-security-risk-report
The software-security-risk-reportThe software-security-risk-report
The software-security-risk-report
Комсс Файквэе
 
Technology Innovation In Legal Industry
Technology Innovation In Legal IndustryTechnology Innovation In Legal Industry
Technology Innovation In Legal Industry
INSZoom
 
Technology innovation in legal industry by inszoom
Technology innovation in legal industry by inszoom Technology innovation in legal industry by inszoom
Technology innovation in legal industry by inszoom
Sneh Sharma
 
INSZoom - Technology Innovation in Legal Industry
INSZoom - Technology Innovation in Legal Industry INSZoom - Technology Innovation in Legal Industry
INSZoom - Technology Innovation in Legal Industry
INSZoom
 
Big Data Insights & Opportunities
Big Data Insights & OpportunitiesBig Data Insights & Opportunities
Big Data Insights & Opportunities
CompTIA
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
Intel IT Center
 
Privacy & Security: The New Drivers of Brand, Reputation and Action
Privacy & Security: The New Drivers of Brand, Reputation and ActionPrivacy & Security: The New Drivers of Brand, Reputation and Action
Privacy & Security: The New Drivers of Brand, Reputation and Action
Edelman
 
Ponemon cloud security study
Ponemon cloud security studyPonemon cloud security study
Ponemon cloud security study
Dome9 Security
 
Public Cloud is Not Always the Answer... but Sometimes it is
Public Cloud is Not Always the Answer... but Sometimes it isPublic Cloud is Not Always the Answer... but Sometimes it is
Public Cloud is Not Always the Answer... but Sometimes it is
Axway
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation Report
Silicon Valley Bank
 
Data Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier Effect
Netskope
 
Mis tue sponsored breakfast trus te
Mis tue sponsored breakfast   trus teMis tue sponsored breakfast   trus te
Mis tue sponsored breakfast trus te
MediaPost
 
A6704d01
A6704d01A6704d01
A6704d01
mudigonda
 
Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
Imperva
 
Proofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey ResultsProofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey Results
shapetech
 
Box & okta in cloud
Box & okta in cloudBox & okta in cloud
Box & okta in cloud
Accenture
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - Overview
Silicon Valley Bank
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
Lumension
 

Similar to What You Haven't Heard (Yet) About Cloud Security (20)

Ponemon survey cloud security webcast
Ponemon survey cloud security webcastPonemon survey cloud security webcast
Ponemon survey cloud security webcast
 
State of Web Application Security by Ponemon Institute
State of Web Application Security by Ponemon InstituteState of Web Application Security by Ponemon Institute
State of Web Application Security by Ponemon Institute
 
The software-security-risk-report
The software-security-risk-reportThe software-security-risk-report
The software-security-risk-report
 
Technology Innovation In Legal Industry
Technology Innovation In Legal IndustryTechnology Innovation In Legal Industry
Technology Innovation In Legal Industry
 
Technology innovation in legal industry by inszoom
Technology innovation in legal industry by inszoom Technology innovation in legal industry by inszoom
Technology innovation in legal industry by inszoom
 
INSZoom - Technology Innovation in Legal Industry
INSZoom - Technology Innovation in Legal Industry INSZoom - Technology Innovation in Legal Industry
INSZoom - Technology Innovation in Legal Industry
 
Big Data Insights & Opportunities
Big Data Insights & OpportunitiesBig Data Insights & Opportunities
Big Data Insights & Opportunities
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
 
Privacy & Security: The New Drivers of Brand, Reputation and Action
Privacy & Security: The New Drivers of Brand, Reputation and ActionPrivacy & Security: The New Drivers of Brand, Reputation and Action
Privacy & Security: The New Drivers of Brand, Reputation and Action
 
Ponemon cloud security study
Ponemon cloud security studyPonemon cloud security study
Ponemon cloud security study
 
Public Cloud is Not Always the Answer... but Sometimes it is
Public Cloud is Not Always the Answer... but Sometimes it isPublic Cloud is Not Always the Answer... but Sometimes it is
Public Cloud is Not Always the Answer... but Sometimes it is
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation Report
 
Data Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier Effect
 
Mis tue sponsored breakfast trus te
Mis tue sponsored breakfast   trus teMis tue sponsored breakfast   trus te
Mis tue sponsored breakfast trus te
 
A6704d01
A6704d01A6704d01
A6704d01
 
Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
Proofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey ResultsProofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey Results
 
Box & okta in cloud
Box & okta in cloudBox & okta in cloud
Box & okta in cloud
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - Overview
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
 

More from CloudPassage

Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
CloudPassage
 
CloudPassage Careers
CloudPassage CareersCloudPassage Careers
CloudPassage Careers
CloudPassage
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
CloudPassage
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
CloudPassage
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
CloudPassage
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
CloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
CloudPassage
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
CloudPassage
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
CloudPassage
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
CloudPassage
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
CloudPassage
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
CloudPassage
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
CloudPassage
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
CloudPassage
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
CloudPassage
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
CloudPassage
 
PCI and the Cloud
PCI and the CloudPCI and the Cloud
PCI and the Cloud
CloudPassage
 
Halo Installfest Slides
Halo Installfest SlidesHalo Installfest Slides
Halo Installfest Slides
CloudPassage
 

More from CloudPassage (20)

Best Practices for Workload Security: Securing Servers in Modern Data Center ...
What You Haven't Heard (Yet) About Cloud Security

  • 1. #CloudSec13 What You Haven't Heard (Yet) About Cloud Security. Andrew Hay, Chief Evangelist, CloudPassage, Inc. Wendy Nather, Research Director, Enterprise Security, 451 Research
  • 2. Session Agenda • Cloud security trends and observations from 451 Research • Current cloud adoption trends and future individual and organizational expansion • How people are securely delivering applications using cloud architectures
  • 3. Trends in Cloud Security Wendy Nather, Research Director, Enterprise Security
  • 4. Cloud forecast: Relatively sanguine Large numbers of enterprises using some form of cloud services Most say they’re concerned about security And yet … Most don’t plan to use security!
  • 5. Security Requirements for Cloud. What security-related requirements did you or will you require of your cloud computing? Please include certifications, qualifications, frameworks, and functionality in your response.* Informal Due Diligence 25%; Datacenter Certification 13%; SSAE 16 6%; PCI 6%; Formal Risk Assessment 6%; CSA 6%; Contractual Security Requirements 6%; Agreement to SLAs 6%; None 38%. Source: TheInfoPro, a service of 451 Research, Daniel Kennedy, dkennedy@theinfopro.com; n=16. *Note that due to multiple responses per interview, totals may exceed 100%.
  • 6. Application Hosting ‘in the Cloud’: Finance and HR Systems. How concerned is your organization about the security of these types of applications running ‘in the cloud’, where cloud in this context denotes external hosting? Finance Systems: Extremely Concerned 50%; Very Concerned 21%; Minimally Concerned 29%; Somewhat Concerned and Not at All Concerned (no percentage shown). HR Systems: Extremely Concerned 46%; Very Concerned 31%; Somewhat Concerned 8%; Minimally Concerned 15%; Not at All Concerned (no percentage shown). Source: TheInfoPro, a service of 451 Research, Daniel Kennedy, dkennedy@theinfopro.com; Left Chart, n=14; Right Chart, n=13. Information Security Wave 15
  • 7. Application Hosting ‘in the Cloud’: ERP Solutions and Email. How concerned is your organization about the security of these types of applications running ‘in the cloud’, where cloud in this context denotes external hosting? ERP Solutions: Extremely Concerned 36%; Very Concerned 36%; Somewhat Concerned 9%; Minimally Concerned 9%; Not at All Concerned 9%. Email: Extremely Concerned 23%; Very Concerned 31%; Somewhat Concerned 23%; Minimally Concerned 8%; Not at All Concerned 15%. Source: TheInfoPro, a service of 451 Research, Daniel Kennedy, dkennedy@theinfopro.com; Left Chart, n=11; Right Chart, n=13. Information Security Wave 15
  • 8. Application Hosting ‘in the Cloud’: Database/Data warehouses. How concerned is your organization about the security of these types of applications running ‘in the cloud’, where cloud in this context denotes external hosting? Database/Data warehouses: Extremely Concerned 23%; Very Concerned 46%; Somewhat Concerned 8%; Minimally Concerned 8%; Not at All Concerned 15%. Source: TheInfoPro, a service of 451 Research, Daniel Kennedy, dkennedy@theinfopro.com; n=13. Information Security Wave 15
  • 9. Types of Cloud-based Security Services: Part 1. Including those delivered by MSSPs, what types of cloud-based security services are you using today? Two charts: Intrusion Detection/Prevention, Firewalls, VPNs Based on SSL, or Wireless Security; and Content Filtering, Secure Email, or Anti-virus/Anti-Spam. Using: 14% and 7%; In Plans for Next 18 Months: 7% and 29%; Not in Plan: 64% and 79%. Source: TheInfoPro, a service of 451 Research, Daniel Kennedy, dkennedy@theinfopro.com; Left Chart, n=14; Right Chart, n=14. Information Security Wave 15
  • 10. Types of Cloud-based Security Services: Part 2. Including those delivered by MSSPs, what types of cloud-based security services are you using today? Security Information Event Log Management (SIEM), or Vulnerability/Risk Management: In Plans for Next 18 Months 7%; Not in Plan 93%. Source: TheInfoPro, a service of 451 Research, Daniel Kennedy, dkennedy@theinfopro.com; n=14. Information Security Wave 15
  • 11. Who, what and why … More organizations are moving to cloud. Well-defined, granular business operations that go well with SaaS: CRMs (hello Salesforce!), email, office-like applications, human resources, payroll. Disposable, clonable uses: development and testing, honeypots and honeyclients, data processing and analysis.
  • 12. What’s going to be slower: legacy stacks; distributed systems with multiple owners (governance issues, getting the right level of multi-tenancy, version drift and overall inertia). http://www.shaldon-devon.co.uk
  • 13. What’s more likely: more aging-out of legacy systems and greenfield migration to new ones (particularly pre-packaged IaaS, PaaS and SaaS); changing business processes to fit into cloud (hello Procrustes!). Why? Because the cloud has more economies of scale and better security when there are fewer options.
  • 14. How to mitigate the risk. Risk from dynamic environment: well-documented, secure VM lifecycle. Risk from larger scale: build fail-safes into your fail-safes. Dormant VM risk: authentication, encryption. Shared risk: well-documented processes, contracts. Unknown risk: visibility (real-time & historical).
  • 15. The Security and the Cloud 2012 Survey
  • 16. The Security and the Cloud 2012 Survey • Started on August 10th, 2012 • Questions about current cloud usage, future deployment plans, and security and compliance related concerns • Asked to identify the types of cloud, virtual, and physical compute architectures currently in use
  • 17. Total Number of Servers. Number of servers in organization. “More than half (55.3%) of respondents own and operate between 101 and 5,000 servers – a range often representing the typical enterprise organization server deployment spread.” – Andrew Hay, CloudPassage, Inc.
  • 18. Cloud Adoption Breakdown. Breakdown of cloud hosting environments being used. “The majority of respondents claim that they only have between 1 and 25 percent of their servers in public cloud architectures – a modest 10.1% increase compared to public cloud architecture deployment for the same range.” – Andrew Hay, CloudPassage, Inc. Which cloud environment did you use first? “The majority of respondents (52.2%) claimed that private cloud was their first cloud architecture while only 28.9% claimed public cloud.” – Andrew Hay, CloudPassage, Inc.
  • 20. Server Breakdown. Percentage of servers in use, by compute environment
  • 21. How Public Cloud Servers Are Used. How do you use your public cloud servers today? “The top 3 public cloud use cases, based on responses, appear to be the deploying of external applications (25.9%), the deploying of internal applications (22.4%), internal development and testing (20.9%).” – Andrew Hay, CloudPassage, Inc.
  • 22. Single Biggest Cloud Use Case. “If we were to remove the ‘we do not host applications in public cloud environments’ answers, in addition to ‘other’, the data points to 41% of respondents claiming that the deploying of external applications is their single biggest concern.” – Andrew Hay, CloudPassage, Inc.
  • 23. How Public Cloud Servers Will Be Used. How will you use your public cloud servers in 2013? “The only category due to decrease over the next year is the ‘we do not host applications in public cloud environments’ answer.” – Andrew Hay, CloudPassage, Inc.
  • 24. Who Oversees Cloud Security? Who oversees cloud security in your organization? “The majority of respondents (25.9%) claimed that central systems administrators, infrastructure or DevOps professionals oversaw cloud security within their organization.” – Andrew Hay, CloudPassage, Inc.
  • 25. Cloud Security Concerns in 2012. Concerns about public cloud hosting
  • 26. Cloud Security Concerns. Single Greatest Cloud Security Concern; concern change, 2011 to 2012. “In 2011 we saw 16.4% state they had no concerns but in 2012 the percentage of respondents that selected this answer was a mere 7%. We attribute this to a combination of education about security challenges in cloud environments and an increase in the number of high profile breaches since our 2011 survey.” – Andrew Hay, CloudPassage, Inc.
  • 27. Best ‘Other’ Comment. Q: What is your absolute greatest security concern about the public Cloud? A: Clouds are for angles. “One respondent claimed that they didn’t use a cloud as ‘clouds are for angles’ – which we believe was either a typo or some sort of existential geometry argument that we simply don’t understand.” – Andrew Hay, CloudPassage, Inc.
  • 28. The Survey: Key Findings – 4 out of 5 respondents stated that their companies are actively using cloud architectures – Concerns about multi-tenancy, the lack of perimeter defenses and/or network controls, and provider access to guest servers show significant decrease since our 2011 survey
  • 29. The Survey: Key Findings – Business critical applications are now running in the public cloud with publicly facing applications leading amongst all other use cases – The biggest growth area for 2013 appears to be in the utilization of public cloud for variable workload bursts with a projected 70% increase in deployment
  • 30. The Survey: Key Findings – Concerns for compliance with PCI and other standards in public cloud remain high – Users are becoming smarter about security in cloud environments with nearly 80% stating that they are aware that the security of their servers is not the sole responsibility of their cloud service providers
  • 31. The Survey: Findings. Examine the findings for yourself: cloudpassage.com/resource-center/get/security-and-the-cloud-2012
  • 32. Questions? Wendy Nather, Research Director at 451 Research, @451wendy. Andrew Hay, Chief Evangelist at CloudPassage, @andrewsmhay

Editor's Notes

  1. The majority of respondents (90.1%) were from the United States but 20 individuals responded from other countries – including Canada, Ireland, India, Korea, Japan, Switzerland, South Africa, Mexico, Italy, and the United Kingdom. The respondents also represented 49 distinct industry verticals including financial services, software, manufacturing, business services, education, and others.
  2. We asked respondents to indicate the total number of servers that their organizations operated including, but not limited to, virtual servers, traditional hardware servers and cloud servers. The two largest server ranges on the survey, as shown in Table 2, appeared to be the 101-500 range, with 53 respondents and 26.4% of the vote, and the 501-5,000 range, with 58 respondents and 28.9% of the vote. This means that more than half (55.3%) of respondents own and operate between 101 and 5,000 servers – a range often representing the typical enterprise organization server deployment spread.
  3. We asked individuals what type of cloud hosting environment their company used to help understand how, exactly, cloud was being adopted. We avoided forcing respondents to specify exactly what virtualization hypervisor platforms were being used to run their clouds, such as VMWare, Citrix, OpenStack, CloudStack, and others, as we expected such a wide variety of responses – including quite a few where the respondent had no knowledge of the architecture being employed. In an effort to determine our respondents’ first foray into cloud computing we posed the question “Which cloud environment did you use first?”. Not surprisingly, the majority of respondents (52.2%) claimed that private cloud was their first cloud architecture while only 28.9% claimed public cloud. A small number (18.9%) claimed that they had no knowledge of which cloud environment was first used. The breakdown of cloud environment use can be seen in the bottom table. The results are not all that surprising. Very few organizations are going to make the jump from traditional on-premises physical server deployments, in which they have complete control, to shared public cloud environments where they control but a piece of the architecture’s security. It’s likely the same apprehension that homeowners feel when choosing to move from a house to an apartment complex.
  4. Not surprisingly, private cloud usage tipped the scales with 73 respondents answering that they used private clouds within their company. Though private cloud leads the pack with 36.3% of respondents, we can’t help but wonder if people employing traditional on-premises virtualized infrastructures, such as VMWare ESX, Citrix, and others, also answered ‘private cloud’ as it most closely aligns with how their virtualized compute environment is used.
  5. The majority of respondents (87) claim that they only have between 1 and 25 percent of their servers in public cloud architectures – a modest 10.1% increase compared to public cloud architecture deployment for the same range. 22 respondents, compared to only 5 in the public range, claim to be using private cloud for between 26 and 50 percent of the servers in their environment. Virtualized and Data Center server deployment ranges are fairly similar. 35 respondents claimed that they had between 1 and 25 percent of their servers in virtualized architectures compared to 54 with between 1 and 25 percent in data center architectures. 76 respondents claimed between 26 and 50 percent of their servers in virtualized architectures compared to 74 in the same range for data center architectures. Only 57 respondents claimed that more than 50 percent of their servers resided in virtualized architectures. 45 respondents claimed that more than 50 percent of their servers resided in data center architectures.
  6. One of the most ambitious questions we posed in this year’s survey was aimed at determining how respondents were using the public cloud. The top 3 public cloud use cases, based on responses, appear to be the deploying of external applications (25.9%), the deploying of internal applications (22.4%), internal development and testing (20.9%). We also expected temporary workload, but not necessarily big data, to be higher. Various companies are using public cloud for temporary workload activities. The reason we say ‘not necessarily big data’ is because organizations that perform big data analytics continue to rely on internal compute grids for processing or, at best, private clouds under their complete control. These organizations have only begun to look to public cloud to help with genome sequencing, bioinformatics, molecular and financial modeling, and new drug discovery, in an elastic and temporary fashion. One last point on this slide: if we were to remove the ‘we do not host applications in public cloud environments’ answer from the total, we see that roughly 80% of respondents are using mission critical applications in the public cloud today.
  7. If we were to remove the ‘we do not host applications in public cloud environments’ answers, in addition to ‘other’, the data points to 41% of respondents claiming that the deploying of external applications is their single biggest concern.
  8. What applications do you plan to run in public cloud hosting environments one year from now? Based on the data it appears as though temporary workload / big data deployment by respondents is poised to increase by 70.4% next year. The next biggest jump is for media (30.6%) followed by internal development and testing (28.6%). According to an EMC-sponsored study of 151 IT managers published in June 2012, one third said they plan to move some mission-critical applications to the cloud in the next year. Within two years, the IT managers said they will migrate 26 percent of their mission-critical applications to the cloud, and in five years, 44 percent of their mission-critical apps will be in the cloud.
  9. Cloud security is a top-down approach in some organizations and 23.4% of respondents stated that their senior technology leadership (CIO/CTO) was responsible for security. Only 14.4% claimed, however, that organizational cloud security was the purview of its senior security leadership team (CSO/CISO). The majority of respondents (25.9%) claimed that central systems administrators, infrastructure or DevOps professionals oversaw cloud security within their organization. Another way to think about it is that more than 65% of responsibility for cloud security is centralized, and only a small amount within the BU itself.
  10. They say that every cloud has a silver lining. Unfortunately, in the world of cloud computing, this isn’t always the case. To better understand the concerns of respondents we asked several questions around their spectrum of concerns, their single biggest concern, and a question designed to measure knowledge about the separation of security responsibility in cloud architectures. We asked respondents to rate their level of concern about public cloud issues using LOW, MEDIUM, or HIGH rankings. The concerns that were considered HIGH were security and compliance. 69.2% of respondents felt that security ranked as a HIGH concern – the highest total number of responses we saw. Only 8.0% of respondents felt security concerns warranted a LOW rating. Compliance concerns, on the other hand, had respondents worried. 45.3% of respondents cited compliance as being a HIGH concern and 35.3% stated that it was a MEDIUM concern. Less than a quarter (19.4%) of respondents believed compliance was only a LOW concern – perhaps because their organizations were not bound by regulatory mandates or compliance initiatives.
  11. An interesting drop from 2011 to 2012 was how respondents selected the ‘we have no security concerns’ answer. In 2011 we saw 16.4% state they had no concerns but in 2012 the percentage of respondents that selected this answer was a mere 7.0%. We attribute this to a combination of education about security challenges in cloud environments and an increase in the number of high profile breaches since our 2011 survey. My takeaway is that concerns over innate elements of cloud (that can’t be changed) dropped a lot (multi-tenancy, lack of perimeter, provider access), but PCI and “Tools don’t work” stayed relatively high.
  12. The ‘Other’ option resulted in some interesting comments. One respondent stated that they were concerned with the general lack of adequate security, accountability, and survivability of data under others’ control. Another respondent claimed that cloud accounts could get easily compromised and servers can just as easily be taken down. An interesting response was with regards to FDA validation and controlled environment compliance – a response that we would have expected to fall under the blanket ‘Achieving compliance with PCI or other standards’ response. The winner, however…well one respondent claimed that they didn’t use a cloud as “clouds are for angles” – which we believe was either a typo or some sort of existential geometry argument that we simply don’t understand.
  13. The Survey: Findings
  14. The Survey: Findings
  15. The fact that 78.1% of respondents are aware that there is a separation in responsibility between cloud service provider architecture and organizational servers, application and data, shows that education about cloud is increasing.
  16. The Survey: Findings