Ponemon cloud security study
Dome9 Security
1. Managing Firewall Risks in the Cloud
Survey of U.S. IT & IT Security Practitioners
Sponsored by Dome9 Security
Independently conducted by Ponemon Institute LLC
Publication Date: November 2011
Ponemon Institute© Research Report
2. Managing Firewall Risks in the Cloud
Ponemon Institute, November 2011

Part 1. Introduction

Ponemon Institute is pleased to present the results of Managing Firewall Risks in the Cloud. Sponsored by Dome9 Security, this research was conducted to determine the challenges organizations face when managing access and securing firewalls and ports in their cloud environments. We believe this is the first study to look at the risk to cloud security because of unsecured ports and firewalls.

Imagine this. Can this happen to your organization?
- After configuring a cloud server firewall, a systems administrator inadvertently locks out your organization’s access to a cloud server, thereby preventing it from processing a mission critical application.
- In order to access cloud servers, your organization leaves administrative server ports (such as SSH or Remote Desktop) open. These open ports expose the organization to increased hacker attacks and serious security exploits.

The study surveyed 682 IT and IT security practitioners (hereafter referred to as IT practitioners) in the United States. On average, respondents have more than 10 years of IT or IT security experience. Only IT practitioners working in organizations that use hosted or cloud servers (dedicated or virtual private server) completed the survey. The majority of respondents report that their organizations use both public clouds and hybrid (semi-public) clouds. Forty percent are employed by organizations with a worldwide headcount of more than 5,000.

Our research shows that the majority of respondents (68 percent) say their organizations use public cloud services. The most commonly cited service providers are listed in Bar Chart 1.

[Bar Chart 1. The major public cloud service providers used by respondents’ organizations. More than one choice is permitted. Providers charted: AWS EC2, Azure, Google, RackSpace, GoGRID, Terremark, All others.]

According to the majority of these respondents (52 percent), the state of cloud server security management is either fair or poor, and 21 percent had no comment. This concern can be partly attributed to the finding that 42 percent fear that they would most likely not know if their organizations’ applications or data were compromised by a security exploit or data breach involving an open port on a cloud server.
3. The topics addressed in this study include:
- Perceptions about organizations’ ability to mitigate the risk to their cloud servers
- Barriers to efficiently managing security in the cloud server
- Responsibility for managing cloud security risks
- The risk of open ports in a cloud environment
- The importance of certain features to securing the cloud server

The next section reports the key findings of our independently conducted survey research. The results provide strong evidence that organizations’ cloud servers are vulnerable, most IT personnel do not understand the risk and it is a challenge to secure access to and generate reports for cloud servers.
4. Part 2. Key findings

Respondents do not give high marks to their organizations’ cloud server security. Bar Chart 2 shows more than half (52 percent) rate their organizations’ overall management of cloud server security as fair (27 percent) and poor (25 percent).

[Bar Chart 2. How do you rate your organization’s overall management of cloud server security today? Response options: Excellent, Good, Fair, Poor, No comment.]

Twenty-one percent of respondents have no comment about the status of cloud server management in their organizations, which could indicate a lack of knowledge about how their organizations are managing access and securing firewalls and ports in their cloud environments. In fact, as shown in Bar Chart 3, 54 percent of respondents say the IT personnel within their organization are not knowledgeable (41 percent) or have no knowledge (13 percent) about the potential risk of open firewall ports in their cloud environments.

[Bar Chart 3. How knowledgeable are IT operations and infrastructure personnel within your organization about the potential risk caused by open ports in the cloud environment? Response options: Very knowledgeable, Knowledgeable, Not knowledgeable, No knowledge.]
5. Manually configuring a cloud server firewall frustrates IT practitioners.

Bar Chart 4 lists seven (7) attributions or statements about the state of cloud security in respondents’ organizations [1]. Eighty-six percent of respondents strongly agree or agree that configuring their organizations’ cloud server firewall manually is a difficult and sometimes frustrating process. In fact, 79 percent of respondents believe being able to efficiently manage security in the cloud environment is just as important as the security itself. Most respondents (81 percent) agree that in the cloud environment, opening or closing ports to servers containing their organizations’ applications or data is managed via controls provided by the cloud service provider.

Bar Chart 4. Respondents’ perceptions about the state of cloud security and remote management of firewalls. Strongly agree and agree response combined.
- Configuring your organization’s cloud server firewall manually is a difficult and sometimes frustrating process: 86%
- In the cloud environment, opening or closing ports to servers containing your organization’s applications or data is managed via controls provided by the cloud service provider: 81%
- In the cloud environment, being able to efficiently manage security is just as important as the security itself: 79%
- In the cloud environment, the physical security of servers containing your organization’s applications or data is primarily determined by the cloud service provider: 77%
- In the cloud environment, cloud server firewalls are the first place to stop attacks and prevent exploits of OS and application vulnerabilities: 73%
- In the cloud environment, user access to applications and data is primarily determined by username and passwords: 72%
- The security of cloud servers containing my organization’s applications and data is a significant priority: 52%

[1] In our survey we used attributions to capture the perceptions of respondents concerning the security of cloud computing environments. These attributions or statements are evaluated using a five-point adjective scale ranging from strongly agree to strongly disagree. A favorable or affirmative response is defined as a strongly agree or agree response. A negative or non-affirmative response is defined as a strongly disagree, disagree or unsure response.
6. Scalability and cost, according to IT practitioners, are reasons for not having a cloud server firewall management solution.

Pie Chart 1 shows 61 percent of respondents say their organization does not have a cloud server firewall management solution. Of those who do not have the solution, Bar Chart 5 shows 62 percent say it is because the solutions are not scalable, they cost too much (59 percent) and solutions are not available (57 percent). Of the 39 percent who say they do have a cloud server firewall management solution, more than half (54 percent) say it is because they manage the cloud server firewall manually.

Pie Chart 1. Does your organization have a cloud server firewall management solution deployed today?
- Yes: 39%
- No: 61%

Bar Chart 5. If no, why not? The solution is . . .
- Not scalable: 62%
- Cost too much: 59%
- Not available: 57%
- Overly complex: 49%
- Not dependable: 43%
7. Responsibility for security in the cloud server usually rests with either IT operations or the business units.

Bar Chart 6a shows 41 percent of respondents say the IT operations department or function is most responsible for ensuring servers that house the organizations’ applications and data in the cloud are adequately secured. Bar Chart 6b shows the groups most responsible for making sure the cloud provider has adequate security controls in place, which are the business functions (37 percent) followed by IT operations (35 percent). It is interesting to see in both charts that IT security is relatively low in terms of having the most responsibility in ensuring cloud server security.

Bar Chart 6. Who within your organization is most responsible?

6a. Who within your organization is most responsible for ensuring servers that house your organization’s applications and data in the cloud are adequately secured?
- IT operations: 41%
- Managed service provider: 20%
- IT security: 17%
- Business functions: 15%
- Data center: 5%

6b. Who within your organization is most responsible for determining whether a given cloud provider has adequate security controls in place to protect your organization’s applications and data?
- Business functions: 37%
- IT operations: 35%
- IT security: 21%
- Legal & compliance: 5%
- Data center: 2%

Bar Chart 7 reports 36 percent believe the cloud provider is most responsible for ensuring security of the cloud operations that support applications and data, followed by 33 percent who say this responsibility is shared between the cloud provider and cloud user.

Bar Chart 7. In general, who is most responsible for ensuring the security of cloud operations that support your applications and data?
- Cloud user: 31%
- Both are equal: 33%
- Cloud provider: 36%
8. IT practitioners report that locking out an organization’s access to a cloud server is likely to happen.

As noted in Bar Chart 8, when asked if a systems administrator could lock out the organization’s access to a cloud server after configuring the cloud server firewall, 12 percent say this has already happened and 43 percent say this is very likely to happen.

[Bar Chart 8. Two cloud server firewall risk management scenarios. How likely is each scenario? Response options: Already happened, Very likely to happen, Likely to happen, Not likely to happen, Will never happen. Scenarios charted: (1) After configuring a cloud server firewall, a systems administrator inadvertently locks out the organization’s access to a cloud server. (2) In order to access cloud servers, your organization leaves administrative server ports open. These open ports expose the company to increased hacker attacks and security exploits.]

Leaving administrative server ports open and vulnerable to hackers is likely to happen, according to respondents. The above chart also shows 19 percent of respondents say their organization experienced additional hacker risk or security exploits because of exposed open ports on cloud servers. Another 42 percent say it is very likely that administrative server ports are left open and, thus, the company is exposed to increased hacker attacks and security exploits.
9. Data and applications in the cloud server are at risk because of the inability to manage access and secure ports and firewalls.

According to Bar Chart 9, two-thirds (67 percent) of respondents say their organizations are very vulnerable or vulnerable because ports and firewalls in the cloud environment are not adequately secured. Less than half (46 percent) of respondents say they have IT operations and infrastructure personnel who are very knowledgeable or knowledgeable about this risk.

[Bar Chart 9. How vulnerable is your organization because it does not adequately secure ports and firewalls in cloud environments? Response options: Very vulnerable, Vulnerable, Not vulnerable, Unsure.]

Automated firewall policy management is more important in the cloud environment because it is elastic, according to 40 percent of respondents. Thirty-six percent say their organization cannot manage access or generate reports efficiently and 29 percent say they manage access through the cloud provider’s tools but cannot see the access reports.

Bar Chart 10. Relative to on-premises computing, how important is automated firewall policy management in the cloud environment?
- More important in the cloud environment because it is elastic: 40%
- Equally important in both on-premises and cloud environments: 32%
- Unsure: 20%
- Less important in the cloud environment: 8%
10. Automatic firewall configuration, an inexpensive solution and centralized control over all closed and open ports on cloud servers top the wish list of IT practitioners.

Bar Chart 11 lists features relating to cloud firewall risk management solutions. Seventy-eight percent of respondents say the feature most important is a solution that closes ports automatically without having to reconfigure the firewall manually. The second most important feature, according to 73 percent of respondents, is a solution that costs less than traditional managed service solutions. Seventy-two percent of respondents say a solution providing centralized control over all closed and open ports on cloud servers is most important to them.

Bar Chart 11. How important are the following technology features regarding cloud server firewall security? [2] Very important and important response combined.
- The solution closes ports automatically, so you don’t have to manually reconfigure your firewall: 78%
- The solution is inexpensive, costing companies about 20% of the cost of managed service solutions: 73%
- The solution provides centralized control over all closed and open ports on cloud servers: 72%
- The solution is scalable to all cloud servers irrespective of location: 69%
- The solution keeps all administrative ports closed on your servers without losing access and control: 69%
- The solution can consolidate security management across the cloud (i.e., multiple cloud providers): 65%
- The solution securely accesses your cloud servers without fear of getting locked out: 63%
- The solution provides audited reports showing who has access, when it occurred, what servers were accessed, and why access was granted: 62%
- The solution provides delegated administration so an organization can segregate who can access and who can manage a given cloud server: 61%
- The solution dynamically opens any port on-demand, any time and from anywhere: 59%
- The solution sends time and location-based secure access invitations to third parties: 56%

[2] Respondents were asked to assume that the above-mentioned features result from a proprietary software download to each cloud server containing their organization’s applications and data.
Part 3. Methods

A random sampling frame of 18,997 adult-aged individuals who reside within the United States was used to recruit and select participants for this survey. Our randomly selected sampling frame was built from proprietary lists of highly experienced IT and IT security practitioners with bona fide credentials. As shown in Table 1, 727 respondents completed the survey. Of the returned instruments, 64 surveys failed reliability checks. A total of 831 surveys were available before screening. One screening question was used to remove respondents who did not have relevant experience or knowledge. This resulted in a final sample of 682 individuals.

Table 1. Survey response | Freq. | Pct%
Sampling frame | 18,997 | 100.0%
Total returns | 727 | 3.8%
Rejected surveys | 64 | 0.3%
Sample before screening | 863 | 4.5%
Final sample | 682 | 3.6%

Table 2 reports the respondents’ organizational level within participating organizations. Fifty-six percent of respondents are at or above the supervisory level. On average, respondents had more than 10 years of overall experience in either the IT or IT security fields, and nearly five years in their present position.

Table 2. Respondents’ position level | Pct%
Vice President | 2%
Director | 15%
Manager | 21%
Supervisor | 18%
Technician | 37%
Staff | 4%
Contractor | 3%
Total | 100%

Table 3 shows that the most frequently cited reporting channels among respondents are the CIO (58 percent), CISO (20 percent) and chief risk officer (8 percent).

Table 3. Respondents’ primary reporting channel | Pct%
Chief Information Officer | 58%
Chief Information Security Officer | 20%
Chief Risk Officer | 8%
Chief Financial Officer | 4%
Chief Security Officer | 4%
General Counsel | 3%
Compliance Officer | 3%
Total | 100%
Table 4 reports the worldwide headcount of participating organizations. It reports that 65 percent of respondents are located in organizations with more than 1,000 employees.

Table 4. Worldwide headcount of respondents’ organizations | Pct%
< 500 | 16%
500 to 1,000 | 19%
1,001 to 5,000 | 25%
5,001 to 25,000 | 18%
25,001 to 75,000 | 13%
75,001 to 100,000 | 4%
101,000 to 150,000 | 3%
> 150,000 | 2%
Total | 100%

Table 5 reports the respondent organization’s global footprint. As can be seen, a large number of participating organizations are multinational companies that operate outside the United States.

Table 5: Geographic footprint of respondents’ organizations | Pct%
United States | 100%
Canada | 75%
Europe | 68%
Middle East & Africa | 41%
Asia-Pacific | 58%
Latin America | 43%

Pie Chart 2 reports the industry distribution of respondents’ organizations. As shown, financial services (including retail banking, insurance, brokerage and payments), public sector (federal, state and local), and healthcare and pharmaceuticals are the three largest industry segments.

Pie Chart 2: Industry distribution of respondents’ organizations
Financial services | 20%
Public sector | 12%
Health & pharmaceuticals | 11%
Industrial | 8%
Services | 8%
Retailing | 7%
Hospitality | 6%
Education & research | 5%
Technology & Software | 5%
Communications | 4%
Consumer products | 3%
Energy | 3%
Entertainment & media | 3%
Transportation | 3%
Defense | 2%
Part 4. Limitations

There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.

Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals in IT and IT security located in the United States, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs or perceptions about data protection activities from those who completed the instrument.

Sampling-frame bias: The accuracy is based on contact information and the degree to which the sample is representative of individuals in the IT and IT security fields. We also acknowledge that the results may be biased by external events. We also acknowledge bias caused by compensating respondents to complete this research within a holdout period. Finally, because we used a web-based collection method, it is possible that non-web responses by mailed survey or telephone call would result in a different pattern of findings.

Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that certain respondents did not provide accurate responses.
Part 5. Conclusion

The IT practitioners in our study acknowledge that cloud server security is vulnerable and that open ports expose the company to increased hacker attacks and security exploits. According to the findings in this study, some of the main barriers to mitigating risks include the current perception that cloud server security is not a priority and the lack of IT operations and infrastructure employees who are knowledgeable about the importance of securing ports and access.

We also learned that accountability for the security of cloud servers is rarely with IT security but with the business units or IT operations. We believe the primary reason for this perception is that in general the business units and not IT security are most responsible for provisioning cloud services. For example, research and engineering developers are adopting the cloud faster than IT departments, and in many cases IT departments are not involved in the adoption and deployment of cloud services.

Based on the findings, it is recommended that organizations take the following steps:

- Create awareness among the organization’s leadership of the importance of cloud server security to safeguarding critical data and applications.
- Investigate solutions that are both efficient and cost effective.
- Create accountability for cloud server security. Make sure those who are accountable are knowledgeable about the risks.
- Ensure that the cloud service providers have appropriate controls in place.
- Require cloud service providers to notify those accountable for cloud server security if the organization’s applications or data are compromised by a security exploit or data breach involving an open port on a cloud server.

As more data and applications migrate to the cloud, security of the cloud server should become a significant priority for the organization. These recommendations should help IT practitioners make a difference in reducing the risk of a potentially costly and damaging attack.
Appendix: Detailed Survey Results

The following tables provide the frequency or percentage frequency of responses to all survey questions contained in this study. All survey responses were captured over a three-week period ending in October 2011.

Survey response | Freq. | Pct%
Sampling frame | 18,997 | 100.0%
Total returns | 727 | 3.8%
Rejected surveys | 64 | 0.3%
Sample before screening | 863 | 4.5%
Final sample | 682 | 3.6%

Part 1. Screening question

S1. Does your organization use hosted or cloud servers (dedicated or virtual private server (VPS))? | Freq. | Pct%
Yes | 682 | 79%
No (stop) | 181 | 21%
Total | 863 | 100%

Part 2. General questions

Q1a. Please check the types of cloud environments your organization presently uses. | Pct%
Private cloud | 31%
Public cloud | 68%
Hybrid (semi-public) cloud | 50%
Other | 2%
Total | 151%

Q1b. How many of the following major cloud service providers does your organization use? Please select all that apply. | Pct%
Windows Azure | 47%
Google App Engine | 45%
Amazon EC2 | 49%
RackSpace | 38%
GoGRID | 30%
Terremark | 28%
None of the above | 24%
Total | 261%

Attributions. Please rate the following statements using the five-point scale provided below each statement. Strongly agree and agree responses.

Statement | Strongly agree | Agree
Q2a. The security of cloud servers containing my organization’s applications and data is a significant priority. | 27% | 25%
Q2b. In the cloud environment, cloud server firewalls are the first place to stop attacks and prevent exploits of OS and application vulnerabilities. | 38% | 35%
Q2c. In the cloud environment, user access to applications and data is primarily determined by username and passwords. | 38% | 34%
Q2d. In the cloud environment, the physical security of servers containing your organization’s applications or data is primarily determined by the cloud service provider. | 40% | 37%
Q2e. In the cloud environment, opening or closing ports to servers containing your organization’s applications or data is managed via controls provided by the cloud service provider. | 44% | 37%
Statement | Strongly agree | Agree
Q2f. Configuring your organization’s cloud server firewall manually is a difficult and sometimes frustrating process. | 46% | 39%
Q2g. In the cloud environment, being able to efficiently manage security is just as important as the security itself. | 40% | 39%

Q3a. Does your organization have a cloud server firewall management solution deployed today? | Pct%
Yes | 39%
No | 61%
Total | 100%

Q3b. If yes, what best describes the solution used by your organization today? | Pct%
We manage the cloud server firewall manually | 54%
We use managed security services for our cloud server firewalls | 20%
We have a third-party solution that allows us to manage cloud server firewalls remotely | 26%
Other (please specify) | 0%
Total | 100%

Q3c. If no, why not? Please select all that apply. | Pct%
Solutions are overly complex | 49%
Solutions are not scalable | 62%
Solutions cost too much | 59%
Solutions are not available | 57%
Solutions are not dependable | 43%
Other (please specify) | 2%
Total | 272%

Q3d. If you are using a third party service provider to manage cloud server security, approximately what do you pay each month per server for this service (do not include hosting cost)? Your best guess is welcome. | Pct%
Less than $20 | 35%
$21 to $50 | 38%
$51 to $100 | 8%
$101 to $150 | 3%
More than $150 | 2%
Don't know | 14%
Total | 100%
Extrapolated value ($ each month per server) | 34.0

Q4. In your opinion, how likely are the following scenarios? Please rate the following events using the scale provided below each item.

Q4a. After configuring a cloud server firewall, a systems administrator inadvertently locks out the organization’s access to a cloud server. | Pct%
Already happened | 12%
Very likely to happen | 43%
Likely to happen | 22%
Not likely to happen | 18%
Will never happen | 5%
Total | 100%
Q4b. In order to access cloud servers, your organization leaves administrative server ports (e.g., SSH, Remote Desktop, etc.) open. These open ports expose the company to increased hacker attacks and security exploits. | Pct%
Already happened | 19%
Very likely to happen | 42%
Likely to happen | 9%
Not likely to happen | 14%
Will never happen | 16%
Total | 100%

Q5. In your opinion, how vulnerable is your organization because it does not adequately secure ports and firewalls in cloud environments? | Pct%
Very vulnerable | 32%
Vulnerable | 35%
Not vulnerable | 9%
Unsure | 24%
Total | 100%

Q6. In your opinion, how knowledgeable are IT operations and infrastructure personnel within your organization about the potential risk caused by open ports in the cloud environment? | Pct%
Very knowledgeable | 14%
Knowledgeable | 32%
Not knowledgeable | 41%
No knowledge | 13%
Total | 100%

Q7. Which one statement best describes how your organization manages access to cloud servers and generates reports that show who had access, when access occurred, and what servers were accessed? | Pct%
Our organization uses the cloud service provider’s tools | 21%
Our organization manages access through the cloud provider’s tools, but it cannot see access reports | 29%
Our organization manages access and generates reports directly from each cloud server, but it is manual | 14%
Our organization cannot manage access or generate reports efficiently | 36%
Total | 100%

Q8. Relative to on-premises computing, how important is automated firewall policy management in the cloud environment? | Pct%
More important in the cloud environment because it is elastic | 40%
Equally important in both on-premises and cloud environments | 32%
Less important in the cloud environment | 8%
Unsure | 20%
Total | 100%
Q9. How important are the following eleven (11) features regarding cloud server security? Please rate each feature from very important = 1 to irrelevant = 4. Assume that these features result from a proprietary software download to each cloud server containing your organization’s applications and data. Shown only are the very important and important responses.

Feature | Very important | Important
The solution provides audited reports showing who has access, when access occurred, what servers were accessed, and for what purpose access was granted. | 21% | 40%
The solution provides delegated administration so an organization can segregate who can access and who can manage a given cloud server. | 20% | 41%
The solution can consolidate security management across the cloud (i.e., multiple cloud providers). | 28% | 37%
The solution keeps all administrative ports closed on your servers without losing access and control. | 37% | 32%
The solution dynamically opens any port on-demand, any time and from anywhere. | 34% | 25%
The solution sends time and location-based secure access invitations to third parties. | 23% | 33%
The solution closes ports automatically, so you don’t have to manually reconfigure your firewall. | 38% | 40%
The solution securely accesses your cloud servers without fear of getting locked out. | 35% | 28%
The solution is scalable to all cloud servers irrespective of location. | 28% | 41%
The solution is inexpensive, costing companies about 20% of the cost of managed service solutions. | 33% | 40%
The solution provides centralized control over all closed and open ports on cloud servers. | 35% | 37%

Q10. Who within your organization is most responsible for ensuring servers that house your organization’s applications and data in the cloud are adequately secured? | Pct%
Managed service provider | 20%
IT operations | 41%
IT security | 17%
Data center management | 5%
Business functions | 15%
Other | 2%
Total | 100%

Q11. Who within your organization is most responsible for determining whether a given cloud provider has adequate security controls in-place to protect your organization’s applications and data? | Pct%
IT operations | 35%
IT security | 21%
Legal and compliance | 5%
Data center management | 2%
Business functions | 37%
Other | 0%
Total | 100%
Q12. In general, who is most responsible for ensuring the security of cloud operations that support your applications and data? | Pct%
Cloud provider | 36%
Cloud user | 31%
Both are equal | 33%
Total | 100%

Q13. If your organization’s applications or data was compromised by a security exploit or data breach involving an open port on a cloud server, how would you know? | Pct%
The cloud provider would inform us. | 39%
Our system would provide a warning or other message signaling the event | 19%
Most likely, we wouldn’t know | 42%
Total | 100%

Q14. How do you rate your organization’s overall management of cloud server security today? | Pct%
Excellent | 9%
Good | 18%
Fair | 27%
Poor | 25%
No comment | 21%
Total | 100%

Part 3. Demographics and organizational characteristics

D1. What organizational level best describes your current position? | Pct%
Senior Executive | 0%
Vice President | 2%
Director | 15%
Manager | 21%
Supervisor | 18%
Technician | 37%
Staff | 4%
Contractor | 3%
Other | 0%
Total | 100%

D2. Check the Primary Person you or your IT security leader reports to within the organization. | Pct%
Chief Information Officer | 58%
Chief Information Security Officer | 20%
Chief Risk Officer | 8%
Chief Financial Officer | 4%
Chief Security Officer | 4%
General Counsel | 3%
Compliance Officer | 3%
Total | 100%

D3. Total years of relevant experience | Mean | Median
Total years of IT or IT security experience | 10.19 | 10.00
Total years in present position | 4.83 | 4.50
D4. What industry best describes your organization’s industry focus? | Pct%
Financial services | 20%
Public sector | 12%
Health & pharmaceuticals | 11%
Industrial | 8%
Services | 8%
Retailing | 7%
Hospitality | 6%
Education & research | 5%
Technology & Software | 5%
Communications | 4%
Consumer products | 3%
Energy | 3%
Entertainment & media | 3%
Transportation | 3%
Defense | 2%
Total | 100%

D5. Where are your employees located? (check all that apply): | Pct%
United States | 100%
Canada | 75%
Europe | 68%
Middle East & Africa | 41%
Asia-Pacific | 58%
Latin America | 43%

D6. What is the worldwide headcount of your organization? | Pct%
< 500 | 16%
500 to 1,000 | 19%
1,001 to 5,000 | 25%
5,001 to 25,000 | 18%
25,001 to 75,000 | 13%
75,001 to 100,000 | 4%
101,000 to 150,000 | 3%
> 150,000 | 2%
Total | 100%
If you have any questions about this research, please contact Ponemon Institute at research@ponemon.org, or contact us via our toll free number 1.800.887.3118.

Ponemon Institute
Advancing Responsible Information Management

Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.

As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or organization identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.