Do your compliance officials have it wrong?
If you sometimes feel as though the compliance officials in your organization don't quite get it when it comes to cloud security, recent survey data out of the Ponemon Institute indicates you're not alone. Compliance pros tend to view cloud service providers as more secure than IT believes them to be, reports Fahmida Y. Rashid at eWeek.
The survey, which included more than 1,000 respondents in IT, information security, compliance and privacy, showed that the two sets of professionals tend to have different opinions on who is in charge of defining and handling security requirements for cloud computing. About 21 percent of the compliance pros said it is up to them to define the requirements, and 22 percent of the IT pros said that it is up to the business leaders. They both agreed, however, that enforcing the requirements falls to the business leaders.
Compliance officials tend to be more optimistic than IT pros about the security delivered by service providers and the effectiveness of their organizations' own security policies. Almost half of the compliance pros said that on-premise data centers and infrastructure-as-a-service providers were equally secure, while just 33 percent of the IT pros see it that way. Forty-two percent of the compliance pros said their internal policies and procedures were sufficient for IaaS security, but only 34 percent of the IT pros felt the same way.
Nobody, it seems, wants to take full ownership for cloud security, so the responsibilities are divided. "This makes it extremely difficult for organizations to implement an enterprise-wide data security strategy that incorporates protection for sensitive information in the cloud," said Richard Gorman, CEO of encryption provider Vormetric, which sponsored the survey.
IT and compliance professionals also disagree on how best to secure data stored in the cloud, the survey found. IT experts said encryption should be used to protect data from the eyes of service providers, while compliance experts said encryption should be used primarily as a means of keeping IT administrators from seeing data they don't need. Either way, more than two-thirds of the respondents said that their organizations don't encrypt data in the cloud anyway.
For more, see:
- Fahmida Y. Rashid's article at eWeek