Voices

Ernst & Young Sees Risk in the Cloud

Ernst & Young has released a new survey that indicates persistent security threats at organizations despite the move to cloud computing at many companies.

In a survey of nearly 1,700 information security and IT leaders in 52 countries, the firm found that 72 percent of respondents see an increasing level of risk due to external threats in the last 12 months.

E&Y found that no single technology or process is able to stop advanced persistent security threats, and traditional security methods are proving to be ineffective against such threats. Protecting against the threats requires organizations to put in place several layers of defense.

Among the targets of such threats are government contractors, technology providers and manufacturers. Fifty-nine percent of the respondents to E&Y’s survey expect their information security budget to increase over the next year.

Uncertainty about security extends to newer technologies such as tablets and cloud computing. One in five respondents to the survey said their organization does not currently permit the business use of tablets and has no plans to change that policy over the next year.

However, organizations have been using cloud computing. Sixty-one percent said they are either currently using cloud computing, or evaluating or planning use of the cloud within the next year.

But more than half said they have done almost nothing to mitigate the new or increased risks related to the use of cloud computing. Those strategies could include increased due diligence of service providers, stronger identity and access management controls, encryption techniques, and onsite inspection by a security or IT risk team.

E&Y recommends choosing verification above trust of cloud service providers and understanding who owns the risks before entering into a cloud services agreement.

Organizations still need to use the standard security processes and techniques they have used in the past, even when they are outsourcing to a cloud technology provider, and they need to continuously assess the risks to comply with regulations and industry standards.

E&Y is planning to host a webcast featuring the firm’s information security professionals on Wednesday, November 2, at 11:00 am EDT. For more information, visit http://webcast.ey.com?pid=4118 .

For reprint and licensing requests for this article, click here.
MORE FROM ACCOUNTING TODAY