New McAfee research has suggested that businesses can’t agree on who should be responsible for cloud security, with IT managers, CEOs, chief information officers, and chief information security officers all supposedly responsible.
In a survey of 2,000 senior IT staff and employees in the UK, France and Germany, McAfee found that 14% believed that the CEO should take responsibility for cloud security, while 19% believe it should be the remit of the chief information officer. Just 5% said the chief information security officer is responsible, and the role of IT manager drew the largest number of votes, with 34% deeming them responsible for cloud security.
The confusion is something that’s going to need to be cleared up in the short-term, as McAfee’s research also found that 40% of large UK businesses expect to be cloud-only by 2021, with 70% expecting to be cloud-only at some point in the future.
Without a clear person responsible for cloud security, Nigel Hawthorn, EMEA director of cloud security business at McAfee, noted, “I think we’re in a dangerous place if we’re going to cloud as fast as possible, but we haven’t decided who’s responsible for the security.”
Raj Samani, chief scientist and McAfee fellow, concluded, “You can outsource the work, but you can’t outsource the risk. The reality is [that] in cloud computing, we see organisations and people migrating and outsourcing over to cloud services with the belief that it absolutely absolves them of any risk or any concerns.”
Hawthorn and Samani believe that ultimately an organisation needs to decide who is responsible for cloud security, give them adequate resources and allow their voice to be heard by the board.