One of the most heated debates in all of enterprise computing these days centers on the security of cloud computing. One IT camp argues that cloud computing is inherently more secure because of the ability to invest in all the policies and expertise required to make the overall IT environment secure.
The other camp argues just as vociferously that the centralization of IT into a few cloud computing platforms makes it easier for the bad guys to focus their efforts and that, once breached, hundreds of thousands of records will be as risk because of all the shared infrastructure inherent to the cloud computing model.
Into the midst of this debate comes a new study from the Ponemon Institute that was funded by CA Technologies. The study of 642 IT executives in the U.S and another 283 from Europe, the Middle East and Africa finds that about half of worldwide IT organizations said that no one in their organization evaluates cloud computing providers for security. Worse yet, half said they were pretty sure that no one in their organizations knew about every cloud computing service that end users in their company were storing data on.
Larry Ponemon, chairman of the Ponemon Institute, says the study clearly shows that at the moment the risk factors with cloud computing are high because not all cloud computing providers have the same level of security. In addition, there is no security rating system in place for cloud computing, so business users can’t even rely on third-party security validations.