Businesses are increasingly comfortable with security measures put in place to protect cloud services and the data housed with them, new research has revealed, and most companies have formal policies for moving processes to the virtual realm. CISOs are also starting to play a critical role as the cloud takes over.
According to a Cloud Security Alliance (CSA) survey, 64.9% of IT leaders think the cloud is as secure or more secure than on-premises software. This could be the result of the fact that 71.2% of companies now have a formal process for users to request new cloud services.
Also, the volume of those requests is up: Security professionals indicated receiving, on average, 10.6 requests each month for new cloud services. Customer relationship management (CRM) is the most widely used cloud-based system of record today, but companies have plans to move other systems to the cloud, including sales and HR.
“As a growing number of companies have become more confident in cloud security measures and, with that, are moving their systems of records to the cloud, the role of IT and its relationship to the line of business is changing,” said Jim Reavis, CEO of the CSA. “This survey provides excellent insight into what security professionals are doing to minimize the risks and maximize the benefits of transforming their businesses into cloud-first organizations.”
All of that said, these programs are still evolving. Of companies with a formal process, 65.5% indicated that they only partially follow it. And when asked about the barriers to moving systems of record to the cloud, the primary obstacle noted by 67.8% of companies was the ability to enforce their corporate security policies.
The report also found that CISOs play an important role in security—having one makes a company more likely to take steps to prepare for a cyber-attacks, and companies that have embraced the cloud are more likely to have someone in this role. Today, 60.8% of companies have a CISO.
“Considering the financial impact that a major data breach can have on a company, information security is an increasingly important function to reduce the risk and the potential impact of these incidents,” the CSA said in the report. “Recognizing the importance of security, more companies are appointing a senior executive, the CISO, to manage the information security team.”
The report numbers also speak to the growing impact of having a CISO on security preparedness: Across all companies, 82.2% have some form of an incident response plan that details how the company would respond to a serious breach, including security remediation, legal, public relations and customer support. However, fewer than half of these companies have a complete plan that covers all of these areas.
But, just 19% of companies without a CISO have a complete incident response plan. In contrast, 53.8% of companies with a CISO have a complete incident response plan.
Companies with a CISO are also more likely to have cyber insurance to protect against the cost of a data breach. Across all companies, 24.6% have cyber insurance. However, just 17.2% of companies without a CISO have insurance compared with 29.2% of companies with a CISO.
“The benefits of switching your system of records over to the cloud are known: lower cost, faster implementation, and a better user experience,” said Rajiv Gupta CEO of Skyhigh Networks, which sponsored the report. “What is not known is how this massive disruption will change the day to day activities and role of IT and security professionals. The opportunities are endless when these smart individuals can focus on becoming enablers to their business and partner with lines of business to make IT a truly innovative force.”
Photo © Maksim Kabakou