Cloud: IT Security & Compliance teams differ on controls

One of the most important aspects of the Cloud is security and the controls necessary to ensure that data is secured and that no unauthorized person can gain access to it. To make this possible, IT security managers and compliance teams have to work together to enable both the security and the compliance features. As you know, being compliant with rules and regulations (both internal and external) is equally important. But the teams are often at loggerheads over which controls are required and where, because the security team sees the question from a security standpoint while the compliance team sees it from a compliance perspective.

A recent study by the Ponemon Institute mentioned that “there is a gap between information security managers and compliance professionals in how they perceive cloud security issues and necessary controls”. The study further pointed out that “IT staff and compliance officials don't see eye-to-eye on cloud security issues and on their organization's policies”.

The researchers further found:
  • IT respondents were "more concerned" about security in the cloud than compliance respondents
  • Despite concerns about security, evaluating the cloud provider's security measures was considered a low priority, or not a priority at all, by 59 percent of IT professionals in the report. In contrast, 56 percent of compliance officials said it was a very high, or high, priority

This divide between the teams is certainly not conducive to the growth of the Cloud or to successful Cloud implementation in an organization. It is important for the IT security and compliance teams to work together and reach common ground as far as security and controls go. Being secure and being compliant are not such different goals, and there is actually only a thin red line that separates them. It is imperative for the teams to work together and collectively reach their projected goals.

Please feel free to share your experiences!