Following industry predictions that the global cloud market will exceed $250 billion by 2020, Crowd Research Partners has found that security concerns top the list of barriers to cloud adoption today.
These fears are led by general security concerns (53%, up from 45% in last year’s survey), legal and regulatory compliance concerns (42%, up from 29%), and data loss and leakage risks (40%). The rise in specific concerns about compliance and integration suggests that companies are moving from theoretical exploration of cloud models to actual implementation.
The report also found that unauthorized access through misuse of employee credentials and improper access controls is the single biggest threat (53%) to cloud security, respondents felt. This is followed by hijacking of accounts (44%) and insecure interfaces/APIs (39%). One in three organizations say external sharing of sensitive information is the biggest security threat.
“As organizations look to cloud computing to reduce IT costs, increase agility and better support business functions, security of data and applications in the cloud remains a critical requirement,” said Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. “The 2016 Cloud Security Report indicates that as organizations increase investments in cloud infrastructure, they are seeking a similar level of security controls and functionality to what’s available in traditional IT infrastructures.”
Further, the vast majority (84%) of respondents are dissatisfied with traditional security tools when applied to cloud infrastructure. Respondents say traditional network security tools are somewhat ineffective (48%), completely ineffective (11%), or can’t be measured for effectiveness (25%) in cloud environments. In a positive data point, 61% of organizations do plan to train and certify existing IT staff for cloud security.
“More than 56% of surveyed organizations use Active Directory on-premises to authenticate and authorize access to cloud applications, like Office 365,” said Alvaro Vitta, principal solutions consultant, Dell Systems and Information Management. “The failure to provide adequate on-premises Active Directory security controls leave cloud-based applications vulnerable to unauthorized access. Don’t let on-premises Active Directory be your hybrid directory environment’s Achilles’ heel.”
The cloud will bring back renewed relevance for some technologies, like encryption. “Once the ‘silver bullet’ of security, encryption has been ‘out marketed’ by other technologies that mostly focus on securing the perimeter and not securing the target of intruders,” added Bob Adhar, president, Randtronics. “A business that only encrypts their data is more secure than businesses with everything else.”
Photo © wk1003mike