40% of Those With an Interest in Cloud Services Don't Have a Process to Assess Provider Security According To New InformationWeek Reports Research

At the same time, 25% of these respondents allow or will allow sensitive data to be stored in the cloud, and another 31% are considering it.

Aug 16, 2012

SAN FRANCISCO, Aug. 16, 2012 /PRNewswire/ -- InformationWeek Reports (http://reports.informationweek.com), a service provider for peer-based IT research and analysis, announced the release of its latest research report. Cloud Security: Verify, Don't Trust analyzes results from InformationWeek's 2012 Cloud Security and Risk survey. More than 360 business technology professionals responded to this poll.

Research Summary:

InformationWeek asked respondents to share their attitudes about cloud security and their approaches to assessing provider security controls, including the use of technical audits, vulnerability assessments and penetration tests. Survey participants were also asked about IT's use of auditing reports and documentation such as the SSAE 16 and the Cloud Security Alliance's CAIQ.


  • 55% of respondents that use or plan to use or are considering cloud services say unauthorized access to or leak of proprietary data is a top concern, trumping issues such as performance and vendor lock-in.
  • 20% say cloud providers have superior security controls.
  • 35% perform or plan to perform vulnerability assessments of cloud providers; another 5% do so or will do so even though their contract with the provider forbids it.
  • 28% run or will run at least one mission-critical application in the cloud.

The report author, Michael Davis, is CEO of Savid Technologies, a security consulting firm.

For full access to the research data, members can download now: http://reports.informationweek.com/abstract/5/8978/Cloud-Computing/research-cloud-security-verify-don-t-trust.html?cid=rpt_press_rls

"The safety of a company's data is too important to just blindly trust that a cloud provider has the proper security controls and sound operational procedures," says Andrew Conry-Murray, editor at large for InformationWeek Reports. "Cloud customers and potential customers have to be prepared to invest the time to perform repeatable and process-driven assessments of a provider's security capabilities. Our report offers helpful guidance."

For more information:
Art Wittmann    
VP & Managing Director, InformationWeek Reports

About InformationWeek Business Technology Network (http://www.informationweek.com)

The InformationWeek Business Technology Network provides IT executives with unique analysis and tools that parallel their work flow—from defining and framing objectives through to the evaluation and recommendation of solutions. Anchored by InformationWeek, the multimedia powerhouse that looks across the enterprise, the network scales across the most critical technology categories with online properties like DarkReading.com (security), NetworkComputing.com (networking and communications) and BYTE (consumer technology). The network also provides focused content for key IT targets, such as CIOs, developers, and SMBs via InformationWeek Global CIO, Dr. Dobb's and InformationWeek SMB, as well as vital vertical industries with InformationWeek Financial Services, Government and Healthcare sites. Content is at the nucleus of our information distribution strategy—IT professionals turn to our experts and communities to stay informed, get advice and research technologies to make strategic business decisions.

About UBM TechWeb (http://www.ubmtechweb.com)

UBM TechWeb, the global leader in technology media and professional information, enables people and organizations to harness the transformative power of technology. Through its three core businesses – media solutions, marketing services and paid content – UBM TechWeb produces the most respected and consumed brands and media applications in the technology market. More than 14.5 million business and technology professionals (CIOs and IT managers, Web & Digital professionals, Software Developers, Government decision makers, and Telecom providers) actively engage in UBM TechWeb's communities and information resources monthly. UBM TechWeb brands include: global face-to-face events such as Interop, Web 2.0, Black Hat and Enterprise Connect; award-winning online resources such as InformationWeek, Light Reading, and Network Computing; and market-leading magazines InformationWeek, Wall Street & Technology, and Advanced Trading. UBM TechWeb is a UBM plc company, a global provider of news distribution and specialist information services with a market capitalization of more than $2.5 billion.