It's no secret that organizations are concerned about their ability to secure and to maintain an adequate regulatory compliance posture in their cloud deployments.
However, just as concerns around credit card security didn't seem to noticeably stall the adoption of e-commerce on the Web, security hasn't stopped or noticeably even slowed cloud adoption. A recent Forrester ForrSight survey shows that 67 percent of large enterprises are using cloud computing Infrastructure-as-a-Service (IaaS) platforms to support production applications. That's greater than the 61 percent saying they use IaaS for testing and development.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
Such evidence is mounting that enterprises are no longer using cloud primarily for testing, training, and demonstrations but in crucial production systems. That's why it was interesting to read the recent survey results from the Ponemon Institute research firm that found organizations not only don't have a handle on important aspects of cloud security -- they are also well aware of this.
More than half of respondents to the survey, 52 percent, rated their organization's overall management of cloud server security as fair (27 percent) and poor (25 percent). Another 21 percent didn't have any comment on their ability to secure their cloud servers. Another 42 percent expressed concern that they wouldn't know if their organizations' applications or data was compromised by an open port on a server in a cloud.
The study, "Cloud Security: Managing Firewall Risks" and sponsored by cloud security firm Dome9 Security, was based on the responses of 682 IT and IT security practitioners in the United States, whose organizations rely on hosted or cloud servers.
When asked why organizations are continuing to move to cloud while admittedly not having a strong grasp on their ability to secure their systems, it comes down to habit, says Dave Meizlik, Dome9 VP of marketing and business development. "Many people aren't used to having to directly secure their servers. They have segmented networks and perimeter firewalls that take care of that for them," says Meizlik. "People follow the processes that they know and are used to."
According to the study, 61 percent of respondents say their organization does not have a cloud server firewall management product. Of those who do not, 62 percent say it is because they are not scalable, cost too much (59 percent) and are not available (57 percent).
This study mirrored another recent Ponemon security study, sponsored by encryption and key management firm Vormetric Inc., which found that of the 1,000 IT security and compliance officers' questions, less than half believe their organizations have the technologies necessary to secure their cloud deployments.
George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter @georgevhulme.
Read more about cloud security in CSOonline's Cloud Security section.