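It is no secret that businesses want to ensure the security of the cloud services they use and to exercise adequate oversight and control over them.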
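However, just as concerns about credit card security did not stop the spread of e-commerce on the Web, security concerns have not stopped the adoption of cloud services, or even noticeably slowed it. A recent Forrester ForrSight survey shows that 67 percent of large enterprises are using cloud computing Infrastructure-as-a-Service (IaaS) platforms in the production and management of their products. That is a larger share than the enterprises that say they use IaaS platforms for product testing and development, which account for 61 percent of the total.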
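These signs indicate that enterprises no longer confine cloud technology to early-stage uses such as product testing, improvement or demonstration, but apply it in key parts of production. Recent survey results from the Ponemon Institute show that business organizations are not unconcerned about cloud security; in fact, they are well aware of it. Set against the earlier findings, these survey results make interesting reading.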
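More than half of respondents (52 percent) rated their company's overall management of cloud services as "fair" (27 percent) or "poor" (25 percent). Another 21 percent offered no assessment. The remaining 42 percent expressed concern that they do not know whether their company's applications or data are safe on an open cloud service platform.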
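The survey, titled "Cloud Security: Managing Firewall Risks", was sponsored by cloud security firm Dome9 Security. Its results are based on responses from 628 IT companies and IT security companies in the United States, all of which use hosted or cloud servers.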
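Asked why enterprises keep using cloud services when they are unsure of their security, Dave Meizlik, a vice president at Dome9, put it down to "habit". "Many people are not used to being directly responsible for the security of their own servers. They have separate network systems and firewalls to deal with security issues," Meizlik said. "People always tend to follow the processes they already know and are used to."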
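According to the study, 61 percent of respondents said their company has no cloud service firewall management product. As for why, 61 percent of them said such products "scale poorly", 59 percent said they "cost too much", and 57 percent said they "cannot find such a product available".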
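This study closely resembles another recent Ponemon security study, sponsored by encryption and key management firm Vormetric. That study found that, of the 1,000 IT security staff surveyed, fewer than half believe their company has the technology needed to secure its cloud services.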
English original:
Survey shows organizations not only don't have a handle on cloud security -- they are also well aware of this and adopting the cloud anyway
It's no secret that organizations are concerned about their ability to secure and to maintain an adequate regulatory compliance posture in their cloud deployments.
However, just as concerns around credit card security didn't seem to noticeably stall the adoption of e-commerce on the Web, security hasn't stopped or noticeably even slowed cloud adoption. A recent Forrester ForrSight survey shows that 67 percent of large enterprises are using cloud computing Infrastructure-as-a-Service (IaaS) platforms to support production applications. That's greater than the 61 percent saying they use IaaS for testing and development.
Such evidence is mounting that enterprises are no longer using cloud primarily for testing, training, and demonstrations but in crucial production systems. That's why it was interesting to read the recent survey results from the Ponemon Institute research firm that found organizations not only don't have a handle on important aspects of cloud security -- they are also well aware of this.
More than half of respondents to the survey, 52 percent, rated their organization's overall management of cloud server security as fair (27 percent) and poor (25 percent). Another 21 percent didn't have any comment on their ability to secure their cloud servers. Another 42 percent expressed concern that they wouldn't know if their organizations' applications or data were compromised by an open port on a server in a cloud.
The study, "Cloud Security: Managing Firewall Risks" and sponsored by cloud security firm Dome9 Security, was based on the responses of 682 IT and IT security practitioners in the United States, whose organizations rely on hosted or cloud servers.
When asked why organizations are continuing to move to cloud while admittedly not having a strong grasp on their ability to secure their systems, it comes down to habit, says Dave Meizlik, Dome9 VP of marketing and business development. "Many people aren't used to having to directly secure their servers. They have segmented networks and perimeter firewalls that take care of that for them," says Meizlik. "People follow the processes that they know and are used to."
According to the study, 61 percent of respondents say their organization does not have a cloud server firewall management product. Of those who do not, 62 percent say it is because such products are not scalable, 59 percent because they cost too much, and 57 percent because they are not available.
This study mirrored another recent Ponemon security study, sponsored by encryption and key management firm Vormetric Inc., which found that of the 1,000 IT security and compliance officers questioned, fewer than half believe their organizations have the technologies necessary to secure their cloud deployments.