Connect with us

Hi, what are you looking for?


Cloud Security

Despite Concerns, Businesses Still Place Sensitive Data in the Cloud

According to a report form Forrester, despite their security concerns – and perhaps because most IT managers simply have no other option – as many as one-third of enterprises are placing sensitive data into the cloud.

According to a report form Forrester, despite their security concerns – and perhaps because most IT managers simply have no other option – as many as one-third of enterprises are placing sensitive data into the cloud.

Forrester’s study focused on IT Security managers in the U.S. dealing with IAM needs on behalf of IAM vendor Symplified. As noted in the report itself, while most enterprises are concerned about exposing data to the cloud, nearly a third of them already place highly sensitive data like regulated financial (34%) and healthcare information (29%) in SaaS apps.

As for their preferred method for consuming cloud security, the top two choices – embedded in the cloud service (23%) and third-party on-premise solution (20%) – were evenly split. Moreover, half of those who took part in the study mentioned that their existing IAM infrastructures will not work well in the cloud, and provide essentials such as SSO.

“This survey reveals that enterprises recognize the need for cloud identity and access management, but they’re concerned about their ability to integrate these capabilities within existing infrastructures,” said Brian Czarny, vice president of marketing for Symplified.

“It’s also clear that supporting non-SAML apps is a big challenge, and that organizations want the ability to choose between cloud-based and on-premises security options.”

Other findings include the fact that user provisioning (61%) and SSO/Web Access Management (53%) are the two leading access control priorities for enterprise and that 48% of respondents were very concerned or somewhat concerned that their organization needs SSO to non-SAML or non-federated SaaS apps.

“The data collected shows that IT managers are living with a gap between cloud usage and corresponding cloud security. As solutions for managing cloud access mature, we anticipate IT departments will feel corresponding pressure to improve the fundamental processes of identity management and access management within their own organizations,” said the study.

Advertisement. Scroll to continue reading.

“They must increasingly support business owners in a drive to take advantage of cloud-enabled and mobile-enabled business partnerships — and their ability to execute will be significantly affected by the ability of their IAM systems to adapt.”

Forrester’s report was not made available to the public.

In related news, nCircle spoke with 127 attendees at the Cloud Expo West conference, where it was learned that 51% of respondents said they outsource “less than a third” of their infrastructure to the cloud, and 31% said they outsource “one-third to one-half” to the cloud. Expanding this to meet the numbers needed to conform to the Fortune 500 is a bit of a stretch, but not by much.

When it comes to the type of data outsourced, nCircle’s findings show that 37% said they outsource “moderate impact” data to the cloud; 42% said they outsource “low impact” data to the cloud; and 21% said they outsource “high impact” data to the cloud.

“In spite of the cost efficiencies, the cloud continues to be a small part of most organizations’ infrastructure,” said Lamar Bailey, director of security research and development for nCircle. “Cloud infrastructure creates a whole new set of security questions that aren’t easily answered, and many IT security tools don’t adapt well to the cloud, making it difficult for users to migrate quickly.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...