Cloud Security Survey Results

As a follow-up to our earlier patterns & practices Cloud Security Survey, here is a quick summary of the results.  Note that the bulk of our respondents said they spend most of their time in architect roles.  The next biggest buckets were developers and testers.

Key Takeaways
Here are some highlights from the survey:

  • As far as cloud adoption, there is a fairly even spread in adoption from evaluation to testing to engaged migrations, with a slightly heavier emphasis on testing.
  • There is significant interest in data handling within the cloud, such as confining data to geographic regions.
  • There is significant interest in infrastructure- and process-related security issues such as SLAs, policies, and intellectual property.
  • There is significant interest in threats and countermeasures.
  • There is some interest in OpenID as an authentication / authorization approach.
  • There is some interest in ingress/IP filtering.
  • There is some interest in eDiscovery.
  • There is some interest in HIPAA.

App Scenarios in Rank Order
Here are the top application scenarios in rank order based on respondents:

  • A cloud-based service used by different Enterprises (federated scenario).
  • An Internet-facing web application, deployed on the cloud.
  • An enterprise-specific web application, deployed on the cloud.
  • An enterprise-specific web application, deployed on-premises using cloud-based services.
  • An enterprise-specific web application, deployed on-premises using cloud-based services and cloud storage.

Authentication in Rank Order
Here are the top authentication mechanisms in rank order based on respondents:

  • Windows Authentication
  • Forms Authentication
  • Cert Authentication
  • Windows Live

I think one of the most interesting things we've done as a result of the survey is we started to collect and organize relevant industry standards.  We'll try to find any relevant technical intersections (our focus is on technical guidance.)