Who is responsible for cloud security? It’s a bit foggy, finds McAfee – Verdict

UK businesses are steaming ahead to become cloud-only companies, but establishing who is responsible for cloud security in an organisation is struggling to keep pace.

Research by cybersecurity firm McAfee found that 40% of large UK businesses expect to be cloud-only by 2021, with 70% expecting to be cloud-only at some point in the future.

Yet the survey of over 2,000 senior IT staff and employees in the UK, France and Germany found a lack of consensus as to who in the business is ultimately responsible for cloud security.

14% said the CEO should take responsibility, while 19% believe it should be the chief information officer. Just 5% said the chief information security officer is responsible for cloud security.

The role of IT manager drew the largest number of votes, with 34% believing them ultimately responsible for cloud security.

The findings echo those of a recent Big Data LDN survey, which found data responsibility to be spread thinly across the C-suite.

“What scares me about this is that the answers are, dare I say it, sort of all over the place,” said Nigel Hawthorn, EMEA director of cloud security business at McAfee, speaking at a media roundtable.

“And I think this is why cloud security is not necessarily being addressed in a holistic manner, because it has to have an owner and has to have a team who are led by someone to actually make sure that it’s being addressed.”

Hawthorn said that so-called shared responsibility models put forward by Microsoft and Amazon, the two largest cloud vendors, are not enough.

Drawing parallels with renting a car, he points out how manufacturers are responsible for safety features such as airbags, the rental firm responsible for oil and the driver for driving safely.

“There’s no point in saying ‘it’s your fault Ford’ when I drove the car at 100 miles an hour into a wall,” he said.

While 84% said the cloud improved their organisation’s data security, cloud computing provides a unique set of security problems.

Data repositories containing sensitive business or customer information can be misconfigured by businesses, providing easy pickings for cybercriminals.

Previous research conducted by McAfee found that 99% of misconfigured cloud servers go undetected.

“You can outsource the work, but you can’t outsource the risk,” said Raj Samani, chief scientist and McAfee fellow. “And the reality is [that] in cloud computing, we see organisations and people migrating and outsourcing over to cloud services with the belief that it absolutely absolves them of any risk or any concerns.”

So what’s the solution? Hawthorn and Samani believe that educating users at the right time in the right context about cloud security can help. But ultimately, an organisation needs to decide who is responsible for cloud security, give them adequate resources and allow their voice to be heard by the board.

“I think we’re in a dangerous place if we’re going to cloud as fast as possible, but we haven’t decided who’s responsible for the security,” added Hawthorn.
