Symantec Corp. and the Ponemon Institute, a leading privacy and information management research firm, announced the findings of a joint survey of IT professionals. The survey revealed that most organizations lack the procedures, policies and tools to ensure that sensitive information they put in the cloud remains secure. Despite security concerns and the expected growth in cloud computing, only 27 percent of respondents said their organizations have procedures for approving cloud applications that use sensitive or confidential information.
Additional Survey Findings:
Organizations evaluate cloud services by word of mouth (65 percent), contractual agreements and assurances from the vendor (55 percent and 53 percent, respectively).
Only 23 percent require proof of security compliance such as SAS 70, 18 percent rely on in-house security assessments and just six percent rely on third-party assessments by security experts or auditors.
More than 75 percent of respondents noted that the migration to cloud computing was occurring in a less-than-ideal manner, due to a lack of control over end users. Lack of resources to conduct proper evaluations, lack of leadership to oversee the process and the low priority for evaluations were also factors.
Only 19 percent of the respondents indicated that their company provides general data security training that discusses cloud applications. In addition, 42 percent of the respondents noted that their company offers general data security training that does not specifically discuss cloud applications.