ISLANDIA, N.Y., May 12, 2010 -- CA, Inc. and the Ponemon Institute, an independent research firm specializing in privacy, data protection and information security policy, today announced a study analyzing significant cloud security concerns that persist among IT professionals when it comes to cloud services used within their organization.

The study, entitled "Security of Cloud Computing Users," reveals that more than half of U.S. organizations are adopting cloud services, but only 47 percent of respondents believe that cloud services are evaluated for security prior to deployment. Of equal concern, more than 50 percent of respondents in the U.S. say their organization is unaware of all the cloud services deployed in their enterprise today.

"Organizations put themselves at risk if they fail to evaluate cloud services for security and don't have a view of what cloud services are in use throughout the business," said Dave Hansen, corporate senior vice president and general manager for CA's Security business unit. "All parties - IT, the end user, and management - should be involved in the decision making process, and need to build guidance around cloud computing adoption to help their organizations more securely deploy cloud services."

Findings also showed that there was a substantial concern across industries in maintaining security for mission critical data sets and business processes in the cloud. The surveyed IT practitioners noted that a variety of data sets were still too risky to store in the cloud:

  --  68 percent thought that cloud computing was too risky to store
      financial information and intellectual property;
  --  55 percent did not want to store health records in the cloud; and
  --  43 percent were not in favor of storing credit card information in the
      cloud.

  Additional key findings from the study included:

  --  Less than 30 percent of respondents were confident they could control
      privileged user access to sensitive data in the cloud.
  --  Only 14 percent of respondents believe cloud computing would actually
      improve their organization's security posture.
  --  Just 38 percent of respondents agreed that their organization had
      identified information deemed too sensitive to be stored in the cloud.

The research suggests that IT personnel should take a full inventory of their organization's cloud computing resources, closely evaluate cloud providers, and assess the steps taken to mitigate risks. Going forward, IT should institute policies around what data is appropriate for cloud use and should evaluate deployments before they are made.

"These results further underscore the importance of an actively engaged IT department with the resources and authority to vet cloud services and vendors prior to deployment," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "Cloud computing applications hold a great deal of promise for organizations, but regarding their adoption as a fait accompli and expecting IT to accommodate their use is an approach fraught with risk, and the implications for information security and data privacy are potentially dire."

CA and Cloud Security

CA has solutions aimed at extending identity and access management (IAM) technologies used in the enterprise to the cloud. It also delivers IAM for cloud providers who need to control access to their services. In addition, CA is currently developing an identity and access management offering to be delivered as a cloud service.

For a copy of the study, please visit http://ca.com/security/cloud-research.

About the study

The Security of Cloud Computing Users study sampled 642 IT and IT security practitioners in the U.S. during the month of March, and included both technicians and managers in a wide range of industries. Respondents on average had 12 years of experience in the field.

Details of the study also will be discussed at the upcoming CA World 2010 conference during the Security opening session at 11 a.m. PT, Monday, May 17. For the complete CA World 2010 agenda and registration details, visit http://www.ca.com/caworld. To join the CA World community on the Web or your mobile device, visit: http://caworld.ca.com/. You can also:

About Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

  About CA

CA (NASDAQ:CA) is an IT management software and solutions company with expertise across all IT environments - from mainframe and physical, to virtual and cloud. CA manages and secures IT environments and enables customers to deliver more flexible IT services. CA's innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 rely on CA to manage their evolving IT ecosystems.

-----

Source: CA Inc.