Cloud security – who carries the can?

Research by cybersecurity firm McAfee found that 40% of large UK businesses expect to be cloud-only by 2021, with 70% expecting to be cloud-only at some point in the future. However, establishing who is responsible for cloud security in an organisation is struggling to keep pace.

GlobalData’s technology deputy editor Rob Scammell says: “Data repositories containing sensitive business or customer information can be misconfigured by businesses, providing easy pickings for cybercriminals.”

Previous research conducted by McAfee found that 99% of misconfigured cloud servers go undetected.

McAfee’s latest survey of over 2,000 senior IT staff and employees in the UK, France and Germany found a lack of consensus as to who in the business is ultimately responsible for cloud security. Some 14% said the CEO should take responsibility, while 19% believe it should be the chief information officer. Just 5% said the chief information security officer is responsible for cloud security. The role of IT manager drew the largest number of votes, with 34% believing them responsible for cloud security.

Nigel Hawthorn, EMEA director of cloud security business at McAfee says: “I think we’re in a dangerous place if we’re going to cloud as fast as possible, but we haven’t decided who’s responsible for the security.”

Raj Samani, chief scientist and McAfee fellow adds: “You can outsource the work, but you can’t outsource the risk. The reality is [that] in cloud computing, we see organisations and people migrating and outsourcing over to cloud services with the belief that it absolutely absolves them of any risk or any concerns.”

Hawthorn and Samani believe that ultimately an organisation needs to decide who is responsible for cloud security, give them adequate resources and allow their voice to be heard by the board.

For more information

Visit GlobalData’s Verdict