A recent Ponemon study on cloud security looked at the perspectives of cloud service providers themselves, and had some interesting findings.

- the top two reasons cited as to why customers move to cloud services were reduce cost (81%) and faster deployment time (79%)

- Asked the question "how confident are you that your customer's security requirements are met", 61% of European cloud service providers were either not confident, or unsure. For US service providers, 63% were either not confident or unsure.

- Asked about various cloud computing security risks, and how confident they were that their services addressed the risks, the two risks that the cloud service providers were least confident about were ensuring proper data segregation (36% were confident), and restricting privileged user access (32%)

- In terms of data that is deemed to be "too risky for the cloud" by users, the study found that IP was ranked highest (68%) , followed by financial information (62%), and health information (61%)
 
- Finally, the survey turned up a significant perception gap in terms of who is responsible for security. 69% of of cloud service providers surveyed thought that users were most responsible for ensuring the security of cloud services, while a similar study by Ponemon found that when users were surveyed on this same question, only 35% of users thought that users are responsible.

The complete study can be found on the Ponemon website at: http://www.ponemon.org

These findings highlight some of the key security concerns around cloud computing. CipherPoint's take here:

- It is clear that cloud service providers don't have security as a high priority

- It is also clear that in the present economic environment, pressures to move to cloud will increase, as organizations seek to reduce cost and become more agile

- From a security standpoint, the large enterprises that we talk to are very concerned about putting sensitive data into cloud platforms, for good reason, as the cloud service providers haven't (and likely never will) take security as seriously as their customers do.

- Particularly for collaboration platforms, there is an inherent tension around information privacy and the security controls that keep information private. There is little incentive for the providers of cloud collaboration platforms (Google Docs, Yammer, Box.net, and Dropbox) to deliver security controls that encrypt and protect data. To the extent that they want to use cloud collaboration services with sensitive or regulated information, customers will have to look for third party products to secure this information.

JD