The Ponemon-Sullivan Privacy Report includes original columns and a roundup of worldwide privacy news. It’s the best way to keep up with Ponemon Institute Research and Bob Sullivan’s opinions. Keep informed, sign up here.
Last week with CA Technologies we issued the results of a study of cloud service providers and their views on cloud security. There has been a lot of interest in this study. Readers have reviewed the results and responded with some very good questions and comments. In a nutshell, people – including us – were surprised by the results, which showed that cloud providers didn’t put security as the No. 1 concern in providing their services.
As a result, we have had some questions about “who” we polled for this study beyond the information provided in the study. People were curious as to whether or not we had some of the large public cloud providers in our study, and I will try to clear things up here.
Our unit of analysis is the IT practitioner who self-reported that he or she is employed by organizations that provide cloud services. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacyand ethical research standards. Therefore, we do not collect any personally identifiable information or company identifiable information in our research. However, as shown below , we do ask respondents to report such demographics as the approximate size of their organizations using employee headcount and their organizational level.
Table 6 , taken from our report, shows that 58 percent of respondents from the U.S. work in organizations with more than 1,000 employees, and 50 percent of respondents work in companies of that size for the Europe sample. The respondents represented both large and small service providers. While we do not collect company identifiable information about the cloud providers and cannot tell you their names, based on responses we had representation from very large organizations.
Table 6: Worldwide headcount of respondents’ organization?
Less than 500 people
500 to 1,000 people
1,001 to 5,000 people
5,001 to 10,000 people
10,001 to 25,000 people
25,001 to 75,000 people
More than 75,000 people
As you can see from Table 3 below, also from our report, we started with a broad pool to get a statistically significant response rate that is representative of the population of IT practitioners working in organizations providing cloud computing services. Most of our respondents were directors, managers, supervisors or technicians – so folks in the trenches, watching how things operate day-to-day, on up to management (see Table 4 below).
Further respondent data includes:
Table 3: Sample response
Contacts made (by phone)
Rejections for reliability
Table 4: Respondents’ organizational level
Staff or technician
Contractor or other
This isn’t our first look at cloud security and I’m sure it won’t be the last as we move forward into the shifting computing paradigm. And as we continue our work, the Ponemon Institute willoperate with the utmost integrity and transparency as we help industry uncover the emerging trends affecting the security and privacy sector.