Security Experts:

IT Pros Still Concerned Over Public Cloud Security: Survey

An increasing number of organizations are in the process or have plans to move their operations to the cloud in order to benefit from the flexibility, availability, and low costs offered by cloud environments. However, many professionals are concerned about the security and compliance implications, a new report from Bitglass shows.

According to the data protection company, 90% of the more than 1,000 IT and IT security practitioners who took part in a cloud security survey are very or moderately concerned about public cloud security.

Security appears to be one of the main barriers to cloud adoption, with 45% of respondents being concerned about security in general, 41% about data loss and leakage risks, and 31% about loss of control.

Unauthorized access is considered the biggest security threat (63%), followed by account hijacking (61%), malicious insiders (43%), insecure interfaces and APIs (41%), and denial-of-service (DoS) attacks (39%).

While 27% of organizations believe the risk of security breaches is the same for public clouds and on-premise applications, 22% of respondents noted that the risk is lower for the cloud compared to on-premise applications. On the other hand, nearly a third of respondents believe the risk of a data breach is higher with the cloud than with on-premise solutions.

Cloud applications such as Microsoft Office 365 and Salesforce are increasingly popular, but 36% of the professionals who took part in Bitglass’ survey believe they are less secure than on-premise software applications. These cloud apps are considered more secure than internal applications by only 12% of respondents.

From a management standpoint, personal cloud storage services used by employees are problematic, with nearly 80% of managers expressing concern, the report shows.

Almost two thirds of IT and security professionals believe that consistent security across IT infrastructures and continuous protection are the most important factors when it comes to protecting cloud environments.

When asked about their plans for addressing security needs when moving to the cloud, 34% of respondents said they plan on partnering with a managed services company that will provide the necessary resources. Others plan on using security software from independent vendors (33%), adding dedicated security staff (31%), and outsourcing monitoring to a security-as-a-service (SaaS) provider (27%).

There are several methods that can be used to close the cloud security gap. The most popular are setting and enforcing security policies (50%), APIs for reporting, auditing and alerting on security events (45%), mapping security controls for internal applications to the cloud infrastructure (41%), and isolating and protecting virtual machines (39%).

When it comes to protecting data in the cloud, data and network encryption are considered the most effective. Other security technologies and controls named by the survey respondents are access control, intrusion detection and prevention, and security training.

“The report confirms that the cloud is increasingly part of enterprises’ IT plans, with some 72 percent of organizations saying they are either planning to implement or are actively implementing cloud environments,” said Nat Kausik, Bitglass CEO. “At the same time, organizations are concluding that SaaS applications are less secure, slowing widespread adoption of these technologies.”

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.