Customer relationship management (CRM) is the most widely used cloud-based system of record today, but companies have plans to move other systems to the cloud, including sales and HR, according to a Cloud Security Alliance (CSA) and Skyhigh Networks report.
The survey of 200 IT and security professionals also indicated the top barrier to stopping data loss in the cloud is a lack of skilled security professionals.
"Businesses are hiring IT security professionals faster than the market can educate, train, and develop experienced security professionals," Kamal Shah, vice president of products and marketing at Skyhigh Networks, told eWEEK, noting that in August, it was reported that JP Morgan expected to spend $500 million on cyber security in 2015, double its 2014 budget of $250 million.
A 2015 report from labor analytics firm Burning Glass shows that cyber security job postings grew 74 percent from 2007 to 2013, twice the rate of all IT jobs.
Shah explained these jobs often require industry certifications such as CISSP; 84 percent of postings require a bachelor’s degree, and 83 percent require at least three years of experience.
Worryingly, 24.6 percent of companies said they would be willing to pay a ransom to hackers to prevent a cyber-attack and 14 percent said they would shell out more than $1 million.
"For me, the most surprising result was the finding that one quarter of respondents would pay malicious hackers to unlock their data," Jim Reavis, CEO of the Cloud Security Alliance, told eWEEK. "Having such a large percentage of the community willing to pay criminals for information security protection is disheartening, and shows that either the industry is doing a poor job at protecting businesses or the problem is even bigger than we think, or both."
However, cloud confidence is rising, with nearly 65 percent of IT leaders feeling the cloud is as secure as or more secure than on premises software.
Reavis explained that in the near future, applications will mature and improve their security posture as developers gravitate towards greater use of common APIs and cloud infrastructure that is vetted for security.
"At the same time, innovative new cloud applications will use brand new technology to push the envelope of cloud capabilities, which will introduce new vulnerabilities," he said. "In aggregate, not much will change as improved infrastructure will be balanced by new risks. However, these cloud applications will, by comparison, be more secure than un-managed traditional software applications."