对商业机构来说，希望确保自己所使用的云服务的安全性，并对它们实行充分的监管与调度并非什么秘密。

然而，正如对于信用卡安全性的担忧并不能阻止电子商务在网络上的普及一样，安全因素没有阻止云服务的普及，甚至没有明显减缓它普及的速度。Forrester ForrSight近期的一项调查显示，有67﹪的大型企业正在将云计算的基础设施级服务（IaaS）平台应用于产品的生产及管理当中。这一比例比声称将IaaS平台应用于产品测试和研发的企业还要大，后者占总数的61﹪。

这些迹象表明，企业已经不再将云技术的用途限定在产品的测试﹑改进或展示等初级阶段，而是将它应用于生产的关键环节。Ponemon Institute的近期调查结果表明，商业组织并非不关心云技术的安全性——事实上他们很清楚这一点。联系到之前的结论，这一调查结果读起来饶有趣味。

超过半数的被调查者（52%）认为自己的公司对云服务的总体管理“尚可”（27﹪）或是“很差”（25﹪）。还有21﹪的人未作任何评价。其余42﹪的人表达了他们的忧虑，他们不清楚自己公司的程序或数据在开放的云服务平台上是否安全。

该项调查名为“云安全：防火墙风险管理”，由云安全公司Dome9 Security赞助。调查结果基于628家美国IT公司及IT安全公司的反馈而产生。这些机构都在使用托管服务器或云服务器。

当被问及为何企业在对安全性没有把握的情况下依然继续使用云服务时，Dome9公司的副总裁Dave Meizlik,把原因归结为“习惯”。“许多人并不习惯于直接对自己服务器的安全负责。他们有单独的网络系统及防火墙来应对安全问题，”Meizlik说道，“人们总是习惯于遵循自己已知并习惯的过程。”

根据此项研究，61 %的受访者表示自己的公司没有云服务防火墙的管理产品。究其原因，他们当中61 %的人认为该类产品“扩展性差”，59﹪的人认为“价格太高”，57 %的人认为“找不到可用的该类产品”。

此项研究与Ponemon security近期的另一项研究十分相似。该研究由密密钥及密钥管理公司Vormetric赞助。研究发现，在受访的1000名IT安全工作人员中，少于半数的人相信他们的公司掌握保障云服务安全性的必要技术。

英文原文：

Survey shows organizations not only don't have a handle on cloud security -- they are also well aware of this and adopting the cloud anyway

It's no secret that organizations are concerned about their ability to secure and to maintain an adequate regulatory compliance posture in their cloud deployments.

However, just as concerns around credit card security didn't seem to noticeably stall the adoption of e-commerce on the Web, security hasn't stopped or noticeably even slowed cloud adoption. A recent Forrester ForrSight survey shows that 67 percent of large enterprises are using cloud computing Infrastructure-as-a-Service (IaaS) platforms to support production applications. That's greater than the 61 percent saying they use IaaS for testing and development.

Such evidence is mounting that enterprises are no longer using cloud primarily for testing, training, and demonstrations but in crucial production systems. That's why it was interesting to read the recent survey results from the Ponemon Institute research firm that found organizations not only don't have a handle on important aspects of cloud security -- they are also well aware of this.

More than half of respondents to the survey, 52 percent, rated their organization's overall management of cloud server security as fair (27 percent) and poor (25 percent). Another 21 percent didn't have any comment on their ability to secure their cloud servers. Another 42 percent expres

sed concern that they wouldn't know if their organizations' applications or data was compromised by an open port on a server in a cloud.

The study, "Cloud Security: Managing Firewall Risks" and sponsored by cloud security firm Dome9 Security, was based on the responses of 682 IT and IT security practitioners in the United States, whose organizations rely on hosted or cloud servers.

When asked why organizations are continuing to move to cloud while admittedly not having a strong grasp on their ability to secure their systems, it comes down to habit, says Dave Meizlik, Dome9 VP of marketing and business development. "Many people aren't used to having to directly secure their servers. They have segmented networks and perimeter firewalls that take care of that for them," says Meizlik. "People follow the processes that they know and are used to."

According to the study, 61 percent of respondents say their organization does not have a cloud server firewall management product. Of those who do not, 62 percent say it is because they are not scalable, cost too much (59 percent) and are not available (57 percent).

This study mirrored another recent Ponemon security study, sponsored by encryption and key management firm Vormetric Inc., which found that of the 1,000 IT security and compliance officers' questions, less than half believe their organizations have the technologies necessary to secure their cloud deployments.