Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Despite Concerns, Businesses Still Place Sensitive Data in the Cloud

According to a report form Forrester, despite their security concerns – and perhaps because most IT managers simply have no other option – as many as one-third of enterprises are placing sensitive data into the cloud.

According to a report form Forrester, despite their security concerns – and perhaps because most IT managers simply have no other option – as many as one-third of enterprises are placing sensitive data into the cloud.

Forrester’s study focused on IT Security managers in the U.S. dealing with IAM needs on behalf of IAM vendor Symplified. As noted in the report itself, while most enterprises are concerned about exposing data to the cloud, nearly a third of them already place highly sensitive data like regulated financial (34%) and healthcare information (29%) in SaaS apps.

As for their preferred method for consuming cloud security, the top two choices – embedded in the cloud service (23%) and third-party on-premise solution (20%) – were evenly split. Moreover, half of those who took part in the study mentioned that their existing IAM infrastructures will not work well in the cloud, and provide essentials such as SSO.

“This survey reveals that enterprises recognize the need for cloud identity and access management, but they’re concerned about their ability to integrate these capabilities within existing infrastructures,” said Brian Czarny, vice president of marketing for Symplified.

“It’s also clear that supporting non-SAML apps is a big challenge, and that organizations want the ability to choose between cloud-based and on-premises security options.”

Other findings include the fact that user provisioning (61%) and SSO/Web Access Management (53%) are the two leading access control priorities for enterprise and that 48% of respondents were very concerned or somewhat concerned that their organization needs SSO to non-SAML or non-federated SaaS apps.

“The data collected shows that IT managers are living with a gap between cloud usage and corresponding cloud security. As solutions for managing cloud access mature, we anticipate IT departments will feel corresponding pressure to improve the fundamental processes of identity management and access management within their own organizations,” said the study.

“They must increasingly support business owners in a drive to take advantage of cloud-enabled and mobile-enabled business partnerships — and their ability to execute will be significantly affected by the ability of their IAM systems to adapt.”

Advertisement. Scroll to continue reading.

Forrester’s report was not made available to the public.

In related news, nCircle spoke with 127 attendees at the Cloud Expo West conference, where it was learned that 51% of respondents said they outsource “less than a third” of their infrastructure to the cloud, and 31% said they outsource “one-third to one-half” to the cloud. Expanding this to meet the numbers needed to conform to the Fortune 500 is a bit of a stretch, but not by much.

When it comes to the type of data outsourced, nCircle’s findings show that 37% said they outsource “moderate impact” data to the cloud; 42% said they outsource “low impact” data to the cloud; and 21% said they outsource “high impact” data to the cloud.

“In spite of the cost efficiencies, the cloud continues to be a small part of most organizations’ infrastructure,” said Lamar Bailey, director of security research and development for nCircle. “Cloud infrastructure creates a whole new set of security questions that aren’t easily answered, and many IT security tools don’t adapt well to the cloud, making it difficult for users to migrate quickly.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.