Cloud Security Survey both Confirms and Challenges Common Beliefs

Featured article by Holger Schulze, Founder Information Security Community on LinkedIn

A 2015 survey of over 1,000 cybersecurity professionals confirms that security remains the biggest barrier to faster cloud adoption, with nine out of ten organizations expressing this concern. The survey explores a wide range of issues, including the specific driving forces and risk factors of cloud adoption, how organizations are currently using or planning to use the cloud, whether the promise of the cloud is living up to the hype, and how organizations are responding to the security concerns in public, private and hybrid cloud environments.

The results, which have been published in the Cloud Security Spotlight Report, are organized into three sections on cloud adoption trends, cloud security risks and cloud security solutions. Highlights of the key findings summarized here.

Cloud Adoption Trends

A full 71 percent of respondents are currently using or are planning to use the cloud. Only 26 percent, however, claim to have deployed production applications so far. When asked, “What best describes your organization’s use of public cloud computing?” respondents were fairly evenly split between light use and moderate/heavy use.

Hybrid cloud deployments are favored by a wide margin of 71 percent over exclusively public or private clouds, which are preferred by only 12 percent or 17 percent, respectively. When asked about cloud service delivery models, Software-as-a-Service (SaaS) came in first at 60 percent, followed by Infrastructure-as-a-Service (IaaS) at 47 percent and Platform-as-a-Service (PaaS) at 33 percent.

Not surprisingly, Amazon Web Services emerged as the market share leader in public clouds, being used by 31 percent of respondents. The Google Cloud Platform and Microsoft Azure nearly tied for second place, with market shares of 25 percent and 22 percent, respectively.

The business applications being used by respondents covered a broad range, and the results revealed a few surprises. Web and collaboration/communication applications are in the lead being cited by 43 percent and 39 percent, respectively. These were followed by sales and marketing (30 percent); productivity (29 percent); IT operations (26 percent); application development and testing (24 percent); disaster recovery, storage and archiving (23 percent); human resources (22 percent); and business intelligence and analytics (20 percent). Content management, finance and accounting, and custom business applications all came in at 18 percent, with supply chain management coming in last at 9 percent.

Other questions asked probed for current and planned use of specific cloud services, the types of corporate information being stored in the cloud, and the specific benefits respondents have experienced using could-based services and applications.

Cloud Security Risks

As mentioned in the introduction, a full 90 of respondents have concerns about security in the cloud, with 47 percent being very concerned and 43 percent being moderately concerned. The dominant cloud security concerns involve unauthorized access through misuse of employee credentials and improper access controls (63 percent) and hijacking of accounts (61 percent), followed by a wide range of other worries ranging from malicious insiders and attacks to lost devices and natural disasters.

Almost 80 percent of respondents expressed a concern about the risk being introduced by employees and visitors accessing personal cloud storage services. But this concern over “Bring Your Own Cloud” appears not to be a major impediment to adoption with over 40 percent of respondents confirming that corporate policies continue to permit employees to access personal storage services from the enterprise network.

Slightly over one-quarter of respondents reported having experienced more security breaches in the public cloud than with on-premises applications that reside fully behind the perimeter defenses. But only slightly less than one-quarter of the respondents expressed just the opposite sentiment believing they have achieved a lower risk of security breaches in the cloud compared to on-premises implementations.

Cloud Security Solutions

Nearly six in 10 respondents cited consistent security across IT infrastructures and continuous protection as being the most important factors for protecting cloud infrastructures, while only 26 percent mentioned the affordability of these security provisions as being a concern.

Around two-thirds of respondents believe that perimeter defenses alone are insufficient for securing cloud infrastructures and that protecting the workload is becoming more important, confirming a shift away from an emphasis on attack prevention and toward a defense-in-depth approach with advanced data protection methods, such as encryption, which is being employed by nearly two-thirds of respondents.

Download the Full Report

The results of the survey are available in the Cloud Security Spotlight Report published by Crowd Research Partners in collaboration with the Information Security Community on LinkedIn and cloud security vendors Alert Logic, AlienVault, Bitglass, CloudPassage, Palerra and Redspin. The full report can be accessed at www.infosecbuddy.com/download-cloud-security-report/

About Holger Schulze – Founder Information Security Community on LinkedIn

Holger Schulze founded the Information Security Community on LinkedIn in 2007. With over 250,000 active members, the online community is the biggest online network of cybersecurity professionals to connect, share the latest news, and find security training, jobs, events, and more. Holger Schulze holds an M.B.A. from the University of Maryland and a B.S. in Industrial Engineering from HTW Technical University in Berlin, Germany.