Analyst Reports
By Larry Ponemon, Ph.D., Ponemon InstituteThis research was conducted to determine how organizations manage the inherent data security risks associated with IT infrastructure services provided by public or hybrid cloud providers. Our study surveyed IT operations, IT security and compliance practitioners. The findings reveal the gulf between those working in IT and those in compliance about service provider controls, top security measures and roles and responsibilities.
Among many findings, the study also highlights the greater data security risk in Infrastructure-as-a-Service (IaaS) cloud environments along with the need for a separation of duties (SOD) between cloud service providers, IT administrators/application developers, and IT security.
By Jon Oltsik, Enterprise Strategy GroupEnterprise Data Privacy and the protection of confidential data is a difficult job that gets more complex each day. Current security technologies like firewalls, IDS/IPS, and anti-virus were not distinctly designed to protect mission-critical data which may be one explanation for the increasing string of visible security breaches that seem to make the headlines on a daily basis.
Ineffective security strategies and the security status quo are no longer viable excuses as they leave private data extremely vulnerable. Organizations must transition from a passive approach to information security to an active data security centric approach that addresses new threats to sensitive data and increasingly strict legislation.