A symbolic data cloud is seen at the IBM stand at a technology trade fair. (Photo by Nigel Treblin/Getty Images)

Research group IDC on Thursday reported in its Trust Perception Index that the most frequently cited security weakness of the largest cloud providers was configuration controls and management, with a large proportion of respondents wanting the ability to monitor and restrict unprovisioned access to resources — and finding it lacking.

The Trust Perception Index aims to help security teams identify perceived strengths and weaknesses of their cloud vendors, highlight differences between those who bought and those who did not buy for any given organization, and offer guidance on how organizations can maintain and increase their trust positions.

Grace Trinidad, research director, future of trust at IDC, explained that IDC applied the Trust Perception Index to the top six cloud infrastructure-as-a-service (IaaS) providers: IBM Cloud, Google Cloud Platform, Microsoft Azure, Oracle Cloud, Amazon Web Services, and Rackspace Cloud. Using end-user trust perception survey responses to measure four areas of the IDC Trust Framework — security, privacy, compliance, and environmental, social and governance (ESG) — IDC calculated final scores for each provider. Leading findings include:

  • IBM Cloud emerged as the trust leader — it was comparatively strong in privacy, compliance and ESG.
  • Rackspace Cloud's trust perception score for security was highest among the six cloud providers.
  • The most frequently cited weaknesses across all cloud providers were configuration of controls, configuration management, data retention, erasure, disclosure according to privacy regulations, access to independent audit reports, and transparency on ESG initiatives.

“The IDC Trust Index is a measure of customer or client trust in their cloud vendors, providing not only a total score, but trust perception scores for security, privacy, compliance, and ESG, said Trinidad. “We measure and examine trust because high trust mitigates the effect of negative events such as data breaches, engenders customer loyalty, and impacts customer willingness to share personal information.”

The anecdote that the cloud is “just someone else’s computer” remains true today, said Davis McCarthy, principal security researcher at Valtix. But trusting someone else with confidential data means business leaders need confidence in their vendor’s security, business practices, and privacy policies, McCarthy added.

“An index that analyzes trust relationships through data or public perception may help foster accountability or, better yet, competition between cloud-service providers that favors the customer,” McCarthy said. “It’s no surprise to learn that business leaders think weak configuration and control management tools are lacking in the cloud. This could be because of a shortage of skilled cloud professionals, difficulty navigating complex UIs, or low confidence in the capability of a service’s features.”