Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Cloud Access Survey Demonstrates Continued Lack of Control

Courion : 01 November, 2010  (Technical Article)
Courion's access assurance survey reveals number of companies having poor control over employee access to cloud applications and services
Courion has released results from its second annual Access Assurance Survey revealing that the Cloud is still akin to the Wild West when it comes to the security of the data hosted there.

In fact, 1 in 7 companies admit that they know there are potential access violations in their Cloud applications, but they don't know how to find them. The survey also found that there is widespread confusion about who is responsible for securing Cloud data - 78.4% of respondents could not identify the single party responsible. As enterprises increasingly make use of Cloud solutions amid this confusion, more data is at risk of unauthorised access.

Conducted in October 2010, the global survey of 384 business managers from large enterprises - 86% of which had at least 1,000 employees - revealed that Cloud adoption may be outpacing commensurate security controls. Even more startling, the lack of knowledge about which systems or applications employees have access to is actually increasing, up nearly 10% from last year's figures. This indicates an alarming growth in the lack of control enterprises have over user access, which is only exacerbated by the use of Cloud solutions.

Key cloud-related results from the survey include:

• Nearly half (48.1%) of respondents said they are not confident that a compliance audit of their Cloud-based applications would show that all user access is appropriate. An additional 15.7% admitted they are aware that potential access violations exist, but they don't know how to find them.

• Confusion abounds about Cloud data security - more than three quarters of respondents cannot say who they believe should be responsible for data housed in a Cloud environment. While 65.4% said that the company from which the data originates, the application provider and the Cloud service provider are all responsible, another 13% said they were not sure. There is no consensus on who the single party should be that protects that data.

Additional findings include:

• 61.2% of respondents said they have limited or no knowledge of which systems or applications employees have access to. This number spiked from 52.8% in 2009, demonstrating an increasing risk of "zombie" accounts - accounts that remain active after employees have left the company or changed roles - which can lead to data breaches.

• Fittingly, enterprises are less confident this year than in 2009 that they can prevent terminated employees from accessing one or more IT systems. 64.3% said they are not completely confident, compared with 57.9% last year.

• There was a slight increase in the percentage of companies who were more concerned with external IT security threats than internal ones. 56.5% of respondents said that external threats were still the biggest concern, compared with 54% last year.

These results show that many organisations are not currently doing the proper due diligence to ensure that sensitive data is being accessed by the right employees on-premise, not to mention when data is housed by a third party provider. The responses indicate that the problem is getting worse, and is only being exacerbated by the increasing use of Cloud-based applications, which creates more access violation risk. Courion recommends careful inspection of Access Assurance policies that define, verify and enforce that the right users have the right access to the right resources and are doing the right things, and also that companies deliberate on which applications are best-suited for Cloud environments and which are best kept on-premises.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo