Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Survey Shows Growing Gap Between Cloud Practices and IT Policies

Another survey has uncovered a gap between IT concerns about cloud security and actual business policies in place. Not only is there a disconnect, but it may be growing, the survey found.

Another survey has uncovered a gap between IT concerns about cloud security and actual business policies in place. Not only is there a disconnect, but it may be growing, the survey found.

The majority of the 500 companies surveyed in October allowed employees to use cloud services and access corporate data from cloud applications or connected devices, according to Symform, a cloud backup provider and sponsor of the study. However, nearly 20 percent of businesses said they did not have clear security policies or standards around how employees and departments should use these services, the report found.

This “policy versus utilization” gap existed among organizations that were using the cloud as well as those who were not officially using cloud services, Symform said. “Cloud usage is inevitable, but loss of control is not,” Margaret Dawson, vice-president of product management at Symform, said in a statement.

Many organizations are slow to acknowledge the extent to which their employees are using cloud services for business purposes, the survey found. The delay means IT is not implementing proper security controls and policies to govern cloud usage. In fact, of the 39 percent of the respondents who said their organizations have not formally adopted cloud services, more than half said employees are allowed to use cloud services and a third said employees are allowed to put company data in cloud applications, the survey found.

Cloud applications and services are being purchased and managed by the business units and leaving IT out of the loop, Dawson said. IT leaders should be the centralized source of all IT policy, vendor criteria, and compliance management for their organizations, Dawson said, nothing that the definition of “trust” needs to come from IT.

Access control was the number one cited concern and key criteria for IT managers when it came to cloud, the survey found. Other top concerns included auditing and tracking, securing data in motion and at rest, vulnerability management, and maintaining strong service level agreements.

Companies are frequently looking at large cloud providers for their cloud needs, the survey found. In fact, equal number of respondents, or 46 percent, rated Microsoft and Amazon as the top trusted source on cloud security.

The survey focused on current cloud utilization, cloud security concerns and benefits, and existing security policies, as well as how employees were using cloud services, applications, and devices. The survey found that platform-as-a-service (PaaS) was the slowest cloud platform to penetrate enterprises, compared to software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) offerings.

Advertisement. Scroll to continue reading.

Of the respondents who reported their organizations used cloud services, only 39 percent were taking advantage of PaaS, compared to 48 percent using IaaS and 79 percent using SaaS, the survey found. A significant number of respondents, or 48 percent of organizations using cloud and 70 percent of organizations not using cloud, said they were not planning to adopt PaaS within the next 12 months.

The 500 companies surveyed in the report spanned a wide range of industries and sizes, with 18 percent coming from enterprises, 34 percent from small to medium sized businesses, and 48 percent from IT service providers and small businesses.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.