IT Pros Trust Open Frameworks and Clouds Over Third Parties
Despite claims made by their competitors, cloud service providers and open source frameworks are viewed as effective, according to surveys conducted by the Cloud Security Alliance.
Thirty-eight percent of the 452 IT and security professionals surveyed for “Sensitive Data in the Cloud” said their organizations have an effective or highly effective method of handling risk management for cloud computing. The report, released in April, was commissioned by Anjuna, which is also a member of the Confidential Computing Consortium.
According to another alliance report, “Measuring Risk and Risk Governance,” 63% of the IT and security professionals surveyed in July and August 2021 believe open source risk management practices are effective — compared to 30% that feel that way about third-party vendor solutions. The report, released in June, was commissioned by Google.
The National Institute of Standards and Technology’s Cybersecurity Framework was used to manage public cloud risk by 72% of the June study’s participants. Forty-one percent of respondents said they followed the alliance’s own frameworks, CCM and CAIQ.
Only 49% of those surveyed used a third-party vendor to actually quantify the level of risk they are being exposed to, with Security Scorecard being used more than twice as often as the leading competitor.
Risk management is a topic often associated with security liabilities, but it also encompasses a wider range of financial uncertainties. Almost three-quarters (73%) of the June survey participants believe the approach to measuring cloud risk is significantly different than for traditional IT.
To get a better picture of the topic, we looked at the results of the 10th annual “IT Audit and Technology Risk Survey” by Protiviti and ISACA.
Cyber breaches, security incidents and IT, legal and regulatory compliance all jumped as risks that are being addressed in 2022 audit plans, compared to the previous year.
The new security data framework announced earlier in August by Amazon Web Services and Splunk was justified in part because open source collaboration is believed to fit a market need around data governance.
It will be interesting to see how the market plays out. Will vendors like Normalize, the data protection company, have a space at the table? Or will big companies dominate? TBD.