As healthcare cloud spreads, who’s responsible for security?

In the face of lingering confusion, cloud customers are beginning to take security matters into their own hands, with two-thirds of survey respondents saying they are adding security features when accessing public clouds.

Jeff Rowe | Oct 09, 2017 12:00 am

As adoption of public cloud services accelerates, cloud providers and customers still haven’t completely clarified who’s responsible for data and application security.

That’s according to a survey of 300 IT decision makers released recently by data security specialist Barracuda Networks Inc., which found that while 44 percent of respondents run their infrastructure in the public cloud, and that percentage is expected to double over the next five years, security concerns persist, with nearly three-quarters of those polled still worried about data and network security as new vulnerabilities emerge on a weekly basis. 

"This survey confirms what we are hearing from customers and partners — security remains a key concern for organizations evaluating public cloud, and there's confusion over where their part of the shared responsibility model begins and ends," said Tim Jefferson, vice president, public cloud, Barracuda. "Many organizations realize that cloud deployments can be inherently more secure than on-premises deployments because cloud providers are collectively investing more into security controls than they could on their own. However, the organizations benefiting most from public cloud are those that understand that their public cloud provider is not responsible for securing data or applications and are augmenting security with support from third-party vendors.”

In response to their findings, Barracuda recommended that, among other things, organizations should weigh cloud licensing options by usage, hourly, or unlimited subscriptions, giving them a better understanding of how to utilize these options for greater cost control, and that they should look for vendors that can provide a common management scheme—either in their solutions or using public cloud security infrastructures to simplify managing and monitoring ongoing security.