Survey by IEEE and Cloud Security Alliance Details Importance and Urgency of Cloud Computing Security Standards
Enterprises eager to adopt cloud computing, but regulatory requirements demand security standards compliance
San Francisco, CA – March 1, 2010 (RSA Conference) – IEEE, the world’s leading professional association for the advancement of technology, and the Cloud Security Alliance (CSA), a not-for-profit organization formed to promote the use of best practices for providing security assurance within cloud computing, today announced results of a survey of IT professionals that reveals overwhelming agreement on the importance and urgency of cloud computing security standards.
“It’s clear from the survey’s findings that enterprises across sectors are eager to adopt cloud computing—but that security standards are needed both to accelerate cloud adoption on a wide scale and to respond to regulatory drivers,” said Jim Reavis, founder and executive director of the Cloud Security Alliance. “Cloud computing is shaping the future of IT, but, as this study shows in a variety of ways, the absence of a compliance environment is having dramatic impact on cloud computing’s growth.”
Hundreds of IT professionals, many of whom are actively involved in implementing cloud-related projects, participated in the joint IEEE/CSA survey. Among the survey’s findings:
- Ninety-three percent of respondents said the need for cloud computing security standards is important; 82 percent said the need is urgent.
- Forty-four percent of respondents said they are already involved in development of cloud computing standards, and 81 percent said they are somewhat or very likely to participate in development of cloud security standards in the next 12 months.
- Data privacy, security and encryption comprise the most urgent area of need for standards development.
- The ISO 27001/27002 Information Security Management Standard is a key regulatory driver of standards compliance, as are Data Breach Notification, PCI/DSS (Payment Card Industry Standard), EU Data Privacy Legislation, SOX (Sarbanes-Oxley Act) and HIPAA (Health Insurance Portability and Accountability Act).
- The use of public, private and hybrid clouds will rise over the next 12 months. The survey found that, while public clouds are most popular, private and hybrid implementations are quickly gaining in adoption.
- The rate of using and providing software, platform and infrastructure as a service (SaaS, PaaS and IaaS) will increase consistently in the next 12 months. The survey showed that PaaS and IaaS are set for the sharpest growth.
“The Cloud Security Alliance, as the world’s leading organization focused on cloud security, and IEEE, as a global leader in standards development across an unmatched range of industries, are the obvious partners to establish the baseline on the current and intended usage of cloud computing services, as well as the needs, attitudes and behaviors around cloud security standards,” said Judy Gorman, managing director, IEEE-SA. “The insights revealed in this survey will prove valuable in informing how the cloud community moves forward.”
In addition to the announcement today at RSA, the Computer Security Alliance and IEEE will also present the survey’s findings March 16 at SecureCloud 2010 in Barcelona (http://www.cloudsecurityalliance.org/sc2010.html).
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, the Cloud Security Alliance Web site is www.cloudsecurityalliance.org.
About the IEEE Standards Association
The IEEE Standards Association, a globally recognized standards-setting body, develops consensus standards through an open process that engages industry and brings together a broad stakeholder community. IEEE standards set specifications and best practices based on current scientific and technological knowledge. The IEEE-SA has a portfolio of over 900 active standards and more than 400 standards under development. For information on the IEEE-SA, see: http://standards.ieee.org.
Karen McCabe, IEEE-SA Marketing Director
ZAG Communications for the Cloud Security Alliance