CRN recently highlighted a Ponemon Institute survey that looked into organizations’ thoughts on cloud security, and what they consider when moving their data to the cloud.
Of the 1,140 business and IT managers surveyed, 49% said their organizations have moved sensitive data to a cloud environment, and 33% plan to transfer such data to the cloud in the next two years. However, Ponemon respondents were unsure who was protecting their data.
This reminded me of our Cloud Prenup that we put together to help organizations understand cloud responsibilities and what to look for when signing a cloud SLA. When taking a look at both the survey and our prenup, there are some interesting similarities.
The Ponemon survey found that 44% of organizations believed a cloud provider was responsible for protecting the data, and 30% thought the cloud customer was responsible.
In our cloud prenup, we note that cloud buyers should review all SLA terms and conditions carefully to determine who is responsible for what in different circumstances.
It’s also important to detail what happens to customer data should the customer or the vendor go out of business; if there's a merger or acquisition for either party; and how long a cloud vendor will keep customer data.
Regardless of the situation, when in doubt, it’s best to assume that it is the cloud buyer’s responsibility.
Some people are still “setting and forgetting”
In a statement, Larry Ponemon, the chairman and founder of the Ponemon Institute, said, “What is perhaps most surprising is that nearly two thirds of those that move sensitive data to the cloud regard their service providers as being primarily responsible for protecting that data, even though a similar number have little or no knowledge about what measures their providers have put in place to protect data.”
As we point out, once you move into the cloud, you have the same responsibilities you had when the infrastructure was on premises. It's important to plan how day-to-day IT activities will be handled, who has access to what and when, and what all of the security details are. It's also necessary to understand how these environments are maintained, whether that means bug fixes or upgrades.
Be careful how much you reduce your security posture
In the survey, 39% of respondents said their security posture was reduced after moving their sensitive data to the cloud. However, will they be ready for a possible disaster?
In our recommendations, we highlight how imperative it is to plan out what happens when disaster strikes. Before taking the cloud plunge, it's important to ensure a failover plan is in place and to determine a replication plan. High availability is the cloud vendor's job, but failover isn't.
If you want to see what else was included within our cloud prenup, view it here.
View all posts from Matt Cicciari on the Progress blog.