Fewer than half of enterprises believe their organizations have adequate technologies to secure their cloud infrastructures, according to a survey of 1,000 IT security practitioners and enterprise compliance officers conducted by the Ponemon Institute and sponsored by encryption vendor Vormetric.
According to the report, "Data Security in the Cloud Survey of U.S. IT Operations, IT Security, and Compliance Practitioners," only one-third of IT security practitioners believe cloud infrastructure as a service (IaaS) environments are as secure as on-premises datacenters, while half of compliance officers think IaaS is as secure.
Twenty-one percent of compliance officers said they are responsible for defining security requirements, but 22% of IT respondents think this responsibility belongs to business unit leaders.
Fewer than a third of respondents said they encrypt data in the cloud. IT practitioners said encryption should be used to make data unreadable by cloud service providers, but compliance officers said encryption should be used to enforce separation of duties to prevent IT administrators from accessing data they do not need to perform their jobs.
"While we were surprised by the different attitudes towards cloud security among IT practitioners and compliance officers, the findings did reveal that security in the cloud is a concern for both groups, especially in IaaS environments," said Larry Ponemon, chairman and founder of the Ponemon Institute.