Security in the cloud has always been a major concern among organizations. Many are confident in their organization's ability to secure data, but their actions tell another story. A recent survey commissioned by CA Technologies (NASDAQ: CA) and conducted by the Ponemon Institute, an independent research firm, revealed companies have improved their practices around cloud computing security compared to results of a 2010 survey. Responses, however, raise questions and concerns. 

The study, Security of Cloud Computing Users 2013, revealed that only 50 percent answered in the affirmative for questions involving cloud security best practices, confidence in cloud services and knowledge of the cloud services in use within an organization, leaving the other half with a lingering uncertainty.The survey also revealed the following:

  • Cloud confidence and best practices are improving, but further progress can be made -- Positive responses regarding security risk, engaging the security team in determining cloud service use and assessing how a cloud service could impact data security improved by 5 percent from 2010. Still, only 50 percent of organizations are confident they know all the cloud services in use within their organization.
  • Responsibility for cloud security is mixed with a bias toward end users, while IT security gets a pass -- Who is responsible for cloud security? Can organizations fill in security and governance gaps? While some organizations expect their cloud services providers to ensure the security of software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) applications, a significant amount of the responsibility was assigned to companies’ end users, and little responsibility was assigned to IT security.
  • Users prefer hybrid identity and access management (IAM) security solutions -- 64 percent of survey respondents would prefer a hybrid IAM implementation that supports both on-premise and cloud-based applications.

"While cloud computing is still one of the most disruptive and promising trends of the past decade, our study shows that cloud security struggles to get past a grade of 50 percent when it comes to best practices, including the percentage of organizations that say they engage their security teams in determining the use of cloud services," said Mike Denning, CA's general manager of security. "We believe that organizations can do better and gain the benefits of cloud computing by reducing risk and achieving that desired balance of protection and business enablement."

The study surveyed 748 IT and IT security practictioners located in the United states. The majority of the survey's respondents were at the supervisor level or higher in their organizations with total IT or data security experience averaging 10 years.