Survey: Most Cloud Adopters Admit To Improper Cloud Access 
Cloud adoption may be outpacing commensurate security controls in large enterprises, according to a survey by Courion Corp. One in seven company executives report they know there are potential access violations in their cloud applications, but don’t know how to find them
Cloud adoption may be outpacing commensurate security controls in large enterprises, according to a survey by Courion Corp. One in seven company respondents admit they know of potential access violations in their cloud applications, but don’t know how to find them.
Courion’s 2010 Access Assurance Survey surveyed 384 business managers from large enterprises worldwide with at least 1,000 employees in October 2010. The survey also found most violations or lapses arise because managers are confused over who precisely is responsible for securing cloud data. Specifically, a whopping 78.4% of respondents (nearly 4 in 5) could not identify the party responsible for cloud data security in their organization.
“As enterprises increasingly leverage cloud solutions amid this confusion, more data is at risk of unauthorized access,” the Courion survey said.
Supporting this statement are other findings from Courion’s 2010 Access Assurance Survey, which include:
- Nearly half (48.1%) of the respondents are not sure of passing a compliance audit of their cloud-based applications, or that such an audit would show all users are engaging in “appropriate” access.
- Some 15% of respondents admit they know of “potential access violations” from cloud operations but they don’t know how to find them.
- More than half (61.2%) of respondents are not sure which employees have access to which systems or applications
- Almost two-thirds (64.3%) of the business managers said they are not “confident” they can stop terminated employees from accessing one of more of their cloud-based or on-premise IT systems.
'The responses indicate that the problem is getting worse, and is only being exacerbated by the increasing use of cloud-based applications, which creates more access violation risk," the survey concluded.
In summary, Courion recommends company’s conduct careful inspections of access assurance policies that define, verify and enforce that authorized users have the appropriate access to data and resources. The survey also recommended that companies “deliberate on which applications are best-suited for cloud environments and which are best kept on-premise."
