Over half of CIOs fail to test cloud vendors’ security systems and procedures before selecting the provider, according to a survey of 250 senior IT decision-makers.
The research, conducted by IT recruitment consultancy Robert Half Technology (RHT), polled CIOs and IT decision-makers in the UK public and private sector.
Although 84 per cent of senior IT decision-makers claimed that they were concerned or very concerned about the risks associated with IT security breaches, 55 per cent of CIOs have not tested cloud vendors’ security systems and procedures.
Worse still, more than one in 10 of the CIOs said that they are not taking any proactive action to address cyber security.
Phil Sheridan, managing director of RHT, said that many CIOs are left with no choice but to migrate to the cloud to ease the burden on IT budgets, regardless of the subsequent security risks.
“Looking towards 2013, CIOs are charged with juggling multiple priorities, with regulation, integration and migration projects putting additional pressure on busy IT departments. But the risks of not migrating to the cloud, notably the achievement of significant cost reductions, may outweigh the potential security risks that concern IT executives. Budgets continue to be stretched and any potential cost savings that IT can deliver will be welcomed throughout the business,” he said.
Computing research has found that firms have several concerns about moving to the cloud. These include data security (77 per cent of firms), legal issues around where data will be stored and who will have access to it (48 per cent) and the reality of moving equipment offsite (46 per cent).
With the Information Commissioner’s Office (ICO) able to fine organisations up to £500,000 for a data breach, Ryan Rubin, UK director of risk consultancy Protiviti, believes that ensuring data stored in the cloud is safe is of greater concern than the cost benefits of moving to cloud alone.
“Since an increasingly higher percentage of IT security breaches involve third parties, gaining assurance from cloud providers is critical to managing information security risk. Whilst companies may migrate IT towards cloud providers in an attempt to reduce costs, they cannot outsource their information security risks. Unless adequately managed, the cost of security breaches – either regulatory and/or legal – may outweigh the perceived benefits of moving into the cloud,” he said.
Unauthorised intrusion into a third-party datacentre is an area of concern for CIOs. Datacentre providers are themselves aware of these issues and are often keen to establish their security credentials from the start, to reassure potential customers that their equipment will be adequately protected from tampering.
However, Computing research found that 23 per cent of firms said they had to ask the provider to create a stronger protective environment as they were unsatisfied with the initial offering, and 17 per cent said they were concerned their equipment was sharing rack space with others and security clearance protocols did not appear sufficiently stringent.
Meanwhile, 10 per cent of respondents said they were alarmed at how easily they can gain access to their data, highlighting the importance of discussing every facet of a datacentre provider’s working procedures before signing a deal.
Rubin claimed that many firms become vulnerable because of a lack of involvement on the part of the CIO in the procurement process.
“CIOs are not always involved in the overall decision to procure cloud services – limiting their ability to carry out effective due diligence before these services are adopted,” he said.