Less than 50% of all organizations have policies in place for vetting cloud computing applications for possible security risks before deploying them. The number of CIOs saying that risks need to be assessed prior to cloud adoption is 10%.
IT managers have eagerly implemented cloud applications to reap their many benefits: lower hardware and energy costs, more flexibility, faster responsiveness to changing and new applications, and improved resiliency.
Ponemon has found that improvements in cloud security over the past two years have really only been incremental. Cloud security struggles to get past a grade of 50 percent when it comes to best practices, including the percentage of organizations that say they engage their security teams in determining the use of cloud services.
Interesting findings about cloud services and security are:
- 53% of CIOs are confident that SaaS applications are secure
- 49% evaluate IaaS for security risks prior to deployment
- 46% have stopped or slowed adoption of cloud services due to security concerns — 45% have not and 9% are not sure
- 35% of CIOs do not evaluate SaaS applications for security prior to deployment
- 22% say that the responsibility for security of IaaS is with the cloud provider
- 22% say that IaaS security is in the domain of IT itself; 35% say it is the responsibility of the cloud computing providers; 31% say that IaaS security is ultimately the responsibility of the end users
Cloud Outsourcing, Disaster Recovery, and Security Bundle
The bundle includes in editable Microsoft WORD and PDF formats:
- Practical Guide for Cloud Outsourcing includes job descriptions for Manager Cloud applications and Cloud Computing Architect, a sample contract, service level agreement, ISO 27001 – 27002 – 27031 security audit checklist, Business and IT Impact Questionnaire and much more.
- Disaster Recovery Plan (DRP) can be used in whole or in part to establish defined responsibilities, actions and procedures to recover the computer, communication and network environment in the event of an unexpected and unscheduled interruption. The template is ISO 27000 (27031) Series, COBIT, Sarbanes Oxley, PCI-DSS, and HIPAA compliant.
- Security Manual Template – (ISO CobiT SOX HIPAA Compliant) includes the Business Impact questionnaire and a Threat and Vulnerability Assessment Form (PDF and Excel). It is a complete Security Manual and can be used in whole or in part to comply with Sarbanes Oxley, define responsibilities, actions and procedures to manage the security of your computer, communication,