Security issues still raining on cloud's parade

Details of who has access to what is a bit misty, survey finds

Who has access?

Security is still a foggy subject for cloud users, according to a surveyby access governance consultancy Courion.

In a survey of 384 business managers from large enterprises, one in seven respondents admitted they know of potential access violations in their cloud applications, but they do not know how to find them.

Nearly half (48 per cent) of respondents said they are not confident that a compliance audit of their cloud-based applications would show that all user access is appropriate.

Some 61 per cent said they have limited or no knowledge of which systems or applications employees can access. This is up from 53 per cent in 2009.

These so-called “zombie” accounts, which remain active after employees have left the company or changed roles, risk data breaches, Courion’s report said.

Consequently, enterprises are less confident than they were last year that they can prevent terminated employees accessing systems. Some 64 per cent said they are not completely confident, compared with 58 per cent last year.

The survey also found that there is widespread confusion about who is responsible for securing cloud data. More than three quarters (78 per cent) of respondents could not identify the single party responsible.

While 65 per cent said that the company from which the data originates, the application provider and the cloud service provider are all responsible for data security, another 13 per cent were not so sure and there is no consensus on who is primarily responsible for data security in the cloud.