SYS-CON MEDIA Authors: Elizabeth White, Xenia von Wedel, Peter Silva, Glenn Rossman, Ava Smith

Blog Feed Post

Over Half Of Chief Information Officers Fail To Test Cloud Vendors’ Security Systems & Procedures

  • Only 45% of CIOs report that they test security systems and procedures provided by cloud vendors

  • Security issues remain the biggest concern for CIOs migrating their systems to the cloud

  • Vast majority (84%) of CIOs are either concerned or very concerned about cybersecurity

LONDON, 5 December, 2012 - Cybersecurity tops CIO's concerns, with 84% of CIOs stating that they are either concerned or very concerned about the risks associated with IT security breaches. Yet while security issues remain the biggest concern that CIOs have about migrating their technology functions to the cloud, less than half (45%) test cloud vendors' security systems and procedures.

The news follows a report by the Cloud Industry Forum (CIF), which found that the rate of adoption by UK organisations is accelerating. Its study of 250 IT directors in private and public sector organisations found that 61% of companies are using a cloud-based service, compared with just 48% in 2011.

Other measures adopted by CIOs to tackle the cybersecurity risk include improving physical security (44%), developing business continuity processes (39%), identifying management systems (34%) and relying on an external audit provider (13%). Surprisingly, more than one-in-10 (11%) of CIOs said that they not taking any proactive action to address cybersecurity, while 12% said that they were 'not concerned' about cybersecurity.

100 UK CIOs were asked: 'How concerned are you about cybersecurity?' Their responses:

Very concerned

30%
Somewhat concerned54%
Not concerned at all12%
Don't know4%

The research follows earlier findings from Robert Half that almost a quarter (23%) of Chief Information Officers (CIOs) and IT directors across the UK say they have no plans to migrate IT systems to the cloud , despite clear benefits such as cost savings and flexibility of service. As well as security concerns, CIOs say that continuity of service is a barrier to adopting cloud (36%), followed by data integrity (32%), speed of service (31%) and costs (30%).

Phil Sheridan, Managing Director, Robert Half Technology said: "Looking towards 2013, CIOs are charged with juggling multiple priorities, with regulation, integration and migration projects putting additional pressure on busy IT departments. But the risks of not migrating to the cloud, notably the achievement of significant cost reductions, may outweigh the potential security risks that concern IT executives. Budgets continue to be stretched and any potential cost savings that IT can deliver will be welcomed throughout the business.

"We anticipate significant demand for both permanent and contract technology professionals with IT security, infrastructure project management and data migration skills in 2013. While cloud migration may provide cost savings in data storage and warehousing, companies still need the requisite talent to implement and manage cloud initiatives, ensuring that IT security remains a priority."

Ryan Rubin, UK Director of risk consultancy Protiviti, a wholly-owned subsidiary of Robert Half, said: "These statistics indicate that either there is an inherent trust in cloud service providers; that they have good security governance in place or there is a lack of visibility of potential risks associated with using them. However, there is also a potential risk that CIOs are not always involved in the overall business making decision to procure cloud services - limiting their ability to carry out effective due diligence before these services are adopted.

"Since an increasingly higher percentage of IT security breaches involve third parties, gaining assurance from cloud providers is critical to managing information security risk. Whilst companies may migrate IT towards cloud providers in an attempt to reduce costs, they cannot outsource their information security risks. Unless adequately managed, the cost of security breaches - either regulatory and or legal - may outweigh the perceived benefits of moving into the cloud."

-Ends-

About Robert Half
Robert Half is the world's first and largest specialised recruitment consultancy and member of the S&P 500. Founded in 1948, the company has over 350 offices worldwide and more than 20 in the United Kingdom providing temporary, interim and permanent recruitment solutions for accounting and finance, financial services, technology, human resources, marketing and administrative professionals. Named one of the Sunday Times' 100 Best Companies to Work For, Robert Half offers workplace and job seeker resources at roberthalf.co.uk and twitter.com/roberthalfuk.

About Protiviti -
Protiviti (http://www.protiviti.com/) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through its network of more than 70 offices in over 20 countries, Protiviti has served more than 35 percent of FORTUNE® 1000 and Global 500 companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Protiviti is a wholly owned subsidiary of Robert Half International Inc. (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index

Kristie Perrotte
Senior PR & Communications Manager
Robert Half UK
0207 331 2227
[email protected]

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

Latest Stories
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, examined three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective ...
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happe...
The Internet of Things will put IT to its ultimate test by creating infinite new opportunities to digitize products and services, generate and analyze new data to improve customer satisfaction, and discover new ways to gain a competitive advantage across nearly every industry. In order to help corporate business units to capitalize on the rapidly evolving IoT opportunities, IT must stand up to a new set of challenges. In his session at @ThingsExpo, Jeff Kaplan, Managing Director of THINKstrateg...
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will w...
Cultural, regulatory, environmental, political and economic (CREPE) conditions over the past decade are creating cross-industry solution spaces that require processes and technologies from both the Internet of Things (IoT), and Data Management and Analytics (DMA). These solution spaces are evolving into Sensor Analytics Ecosystems (SAE) that represent significant new opportunities for organizations of all types. Public Utilities throughout the world, providing electricity, natural gas and water,...
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Want to enable self-service provisioning of application environments in minutes that mirror production? Can you automatically provide rich data with code-level detail back to the developers when issues occur in production? In his session at DevOps Summit, David Tesar, Microsoft Technical Evangelist on Microsoft Azure and DevOps, will discuss how to accomplish this and more utilizing technologies such as Microsoft Azure, Visual Studio online, and Application Insights in this demo-heavy session.
When an enterprise builds a hybrid IaaS cloud connecting its data center to one or more public clouds, security is often a major topic along with the other challenges involved. Security is closely intertwined with the networking choices made for the hybrid cloud. Traditional networking approaches for building a hybrid cloud try to kludge together the enterprise infrastructure with the public cloud. Consequently this approach requires risky, deep "surgery" including changes to firewalls, subnets...
DevOps is all about agility. However, you don't want to be on a high-speed bus to nowhere. The right DevOps approach controls velocity with a tight feedback loop that not only consists of operational data but also incorporates business context. With a business context in the decision making, the right business priorities are incorporated, which results in a higher value creation. In his session at DevOps Summit, Todd Rader, Solutions Architect at AppDynamics, discussed key monitoring techniques...
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, discussed how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money!
One of the biggest challenges when developing connected devices is identifying user value and delivering it through successful user experiences. In his session at Internet of @ThingsExpo, Mike Kuniavsky, Principal Scientist, Innovation Services at PARC, described an IoT-specific approach to user experience design that combines approaches from interaction design, industrial design and service design to create experiences that go beyond simple connected gadgets to create lasting, multi-device exp...
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect...
High-performing enterprise Software Quality Assurance (SQA) teams validate systems that are ready for use - getting most actively involved as components integrate and form complete systems. These teams catch and report on defects, making sure the customer gets the best software possible. SQA teams have leveraged automation and virtualization to execute more thorough testing in less time - bringing Dev and Ops together, ensuring production readiness. Does the emergence of DevOps mean the end of E...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using ...
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series dat...