Beancounters at a cybersecurity firm found that 40 percent of large UK businesses expect to be cloud-only by 2021, with 70 per cent expecting to be cloud-only at some pointin the future.
However, establishing who is responsible for cloud security in an organisation is struggling to keep pace.
McAfee’s latest survey of over 2,000 senior IT staff and employees in the UK, France and Germany found a lack of consensus as to who in the business is ultimately responsible for cloud security. Some 14 percent said the CEO should take responsibility, while 19 percent believe it should be the chief information officer. Just five percent said the chief information security officer is responsible for cloud security. The role of IT manager drew the largest number of votes, with 34 percent believing them responsible for cloud security.
Nigel Hawthorn, EMEA director of cloud security business at McAfee said: “I think we’re in a dangerous place if we’re going to cloud as fast as possible, but we haven’t decided who’s responsible for the security.”
Raj Samani, chief scientist and McAfee fellow said: “You can outsource the work, but you can’t outsource the risk. The reality is [that] in cloud computing, we see organisations and people migrating and outsourcing over to cloud services with the belief that it absolutely absolves them of any risk or any concerns.”
GlobalData’s technology deputy editor Rob Scammell says: “Data repositories containing sensitive business or customer information can be misconfigured by businesses, providing easy pickings for cybercriminals.”
Hawthorn and Samani believe that ultimately an organisation needs to decide who is responsible for cloud security, give them adequate resources and allow their voice to be heard by the board.