Dome9 and Ponemon Institute Study Finds Organizations are Vulnerable Due to Lack of Cloud Firewall Security New Study Sponsored by Dome9 Security Finds 67 Percent of Cloud Servers are Perceived Vulnerable or Potentially at Risk by IT Personnel
SAN FRANCISCO, Nov. 2, 2011 /PRNewswire/ -- Dome9 Security™, the leading provider of cloud security management for public and private clouds, as well as for dedicated and virtual private servers (VPS), and the Ponemon Institute, a privacy and information management research firm, today announced the results of a first-of-its-kind cloud security study, which found that 67 percent of IT security respondents report that their organization is very vulnerable or vulnerable because cloud ports and firewalls are not adequately secured. Furthermore, 54 percent of respondents said their organizations' IT personnel are not knowledgeable or have no knowledge about the potential risk of open firewall ports in their cloud environments.
The study "Cloud Security: Managing Firewall Risks" was independently conducted by the Ponemon Institute, one of the world's foremost authorities on data security and privacy, and was sponsored by Dome9 Security. The research was conducted to determine the challenges organizations face when managing access and securing firewalls and ports in cloud environments. The study analyzed responses from 682 IT and IT security practitioners in the United States working in organizations that use hosted or cloud servers (dedicated or virtual private servers). On average, respondents have more than 10 years of IT or IT security experience, and 40 percent come from organizations with 5,000 employees or more in globally dispersed locations.
"We believe this is the first study to look at the risk to cloud security because of unsecured ports and firewalls, and the results are very revealing," said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. "It is commonly accepted that organizations believe they struggle with security in the cloud, but this study gets to a root of the problem. For example, more than half of the respondents said it is very likely or likely that administrative cloud server ports left open for access expose the organization to increased hacker attacks and security exploits. Nineteen percent say these exploits have already happened."
For a copy of the study, see: http://www.dome9.com/resources/ponemon-cloud-security-study
Additional key findings of the study include:
- 52 percent of respondents rate their organizations' overall management of cloud server security as fair (27 percent) and poor (25 percent); 21 percent responded "no comment".
- 42 percent of respondents fear they would not know if their organizations' applications or data was compromised by a security exploit or data breach involving an open port on a cloud server.
- 79 percent of respondents believe that being able to efficiently manage security in the cloud is just as important as cloud security itself.
- 73 percent of respondents believe the cloud server firewall is the first place to stop attacks and prevent exploits.
- 72 percent of respondents said automation is important to cloud firewall policy management.
- 36 percent of respondents report that their organizations cannot manage access or generate reports efficiently; and 29 percent say they manage access through the cloud provider's tools but cannot see the access reports.
- 78 percent of respondents say the most important feature to cloud server security is the ability to close ports automatically, so they don't have to manually reconfigure their firewall.
"It's common knowledge that security is the top inhibitor to wide-scale cloud adoption, but thanks to this study, for the first time we're able to hone in on exactly why that is," said Dave Meizlik, Dome9 VP of Marketing and Business Development. "Security in the cloud needs to be as elastic as the cloud – if it's not scalable and manageable then it's not going to be effective. And the front-line defense, the firewall, is neither scalable nor manageable for most cloud users and service providers, leaving their cloud servers vulnerable to attack."
About Dome9 Security
Dome9 is the leader in cloud security management. Its first-of-its-kind, automated cloud firewall management service centralizes security policy control across all servers and clouds. Dome9 is available for the enterprise and hosting providers, supporting Clouds, Virtual Private Servers (VPS), dedicated servers, and Amazon's EC2 Security Groups, across all major operating systems and service providers. Its key innovation is the ability to provide secure access leasing – dynamically generated, time-based secure access to cloud servers, which enables customers to close all server administrative ports by default. Dome9 is headquartered in Tel Aviv, Israel, and is venture backed by Opus Capital Ventures. For more information, please visit: http://www.dome9.com/.
Dome9, Dome9 Central. Dome9 Connect and Dome9 Agent are registered trademarks of Dome9 Security. All other trademarks are registered to their respective companies. Copyright© Dome9 2011.
Spalding Communications, LLC
SOURCE Dome9 Security