Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


IT Unaware of All Cloud Services Used in Their Enterprise; Less Than Half of Cloud Services are Vetted for Security

IT Unaware of All Cloud Services Used in Their Enterprise; Less Than Half of Cloud Services are Vetted for Security

Security, IT and Management Must Collaborate to Ensure Cloud is Safe for Even Most Sensitive Information

Cloud Security Study: IT Unaware of All Cloud Services Used in Their Enterprise; Less Than Half of Cloud Services are Vetted for Security

Security, IT and Management Must Collaborate to Ensure Cloud is Safe for Even Most Sensitive Information
ISLANDIA, N.Y., May 12, 2010 – CA, Inc. (NASDAQ: CA) and the Ponemon Institute today announced a study analyzing significant cloud security concerns that persist among IT professionals when it comes to cloud services used within their organization.  The study, entitled “Security of Cloud Computing Users,” reveals that more than half of U.S. organizations are adopting cloud services, but only 47 percent of respondents believe that cloud services are evaluated for security prior to deployment. Of equal concern, more than 50 percent of respondents in the U.S. say their organization is unaware of all the cloud services deployed in their enterprise today.
“Organizations put themselves at risk if they fail to evaluate cloud services for security and don’t have a view of what cloud services are in use throughout the business,” said Dave Hansen, corporate senior vice president and general manager for CA’s Security business. “All parties – IT, the end user, and management – should be involved in the decision making process and need to build guidance around cloud computing adoption to help their organizations more securely deploy cloud services.”
Findings also showed that there is substantial concern in maintaining security with many industries’ mission critical data sets and business processes in the cloud. The surveyed IT practitioners note that a variety of data sets are still too risky to store in the cloud:
·         68 percent thought that cloud computing is too risky to store financial information and intellectual property;
·         55 percent do not want to store health records in the cloud; and
·         43 percent are not in favor of storing credit card information in the cloud.
Additional key findings from the study include:
·         Less than 30 percent of respondents are confident they can control privileged user access to sensitive data in the cloud.
·         Only 14 percent of respondents believe cloud computing will actually improve their organization’s security posture.
·         Just 38 percent of respondents agree that their organization has identified information deemed too sensitive to be stored in the cloud.
The research suggests that IT personnel should take a full inventory of their organization’s cloud computing resources, closely evaluate cloud providers, and assess the steps taken to mitigate risks. Going forward, IT should institute policies around what data is appropriate for cloud use and should evaluate deployments before they are made. 
“These results further underscore the importance of an actively engaged IT department with the resources and authority to vet cloud services and vendors prior to deployment,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.  “Cloud computing applications hold a great deal of promise for organizations, but regarding their adoption as a fait accompli and expecting IT to accommodate their use is an approach fraught with risk, and the implications for information security and data privacy are potentially dire.”
CA and Cloud Security
CA has brought solutions to the market aimed at extending identity and access management (IAM) technologies used in the enterprise to the cloud. It also is providing IAM for cloud providers who need to control access to their services. In addition, CA is currently developing an identity and access management offering to be delivered as a cloud service. 
For a copy of the study, please visit
About the study
The Security of Cloud Computing Users studysampled 642 IT and IT security practitioners in the U.S. during the month of March, and included both technicians and managers in a wide range of industries. Respondents on average had 12 years of experience in the field.  
About CA
CA (NASDAQ: CA) is an IT management software and solutions company with expertise across all IT environments – from mainframe and physical, to virtual and cloud. CA manages and secures IT environments and enables customers to deliver more flexible IT services. CA’s innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 rely on CA to manage their evolving IT ecosystems. For additional information, visit CA at Follow CA on Twitter
About Ponemon Institute
The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.
Connect with CA
              CA Social Media Page
              CA Newsletters
              CA Press Releases
              CA Podcasts
              CASecurity Twitter
Legal Notices
Copyright © 2010 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Press Contacts
Leanne Agurkis
CA, Inc.
Phone: 386-738-1912