Security remains a major concern for businesses adopting or planning to adopt cloud-based solutions, according to a survey of more than 1,000 cyber-security professionals by Crowd Research Partners.
However, the survey found that despite these security concerns, 71 percent of respondents are planning to actively implementing or in production cloud environments.
More than 77 percent of organizations surveyed already have at least some investment in public cloud services, and 37 percent of respondents characterize themselves as moderate to heavy users of public cloud services.
Seventy percent of organizations using cloud services are doing so in a hybrid environment.
The majority of respondents (60 percent) use software-as-a-service (SaaS) models, followed by infrastructure-as-a-service (IaaS), at 47 percent, and platform-as-a-service (PaaS), at 33 percent, as their cloud service delivery model.
Amazon AWS is the big fish in the cloud infrastructure services pond, used by over a third of respondents. Google and Microsoft Azure follow with 25 percent and 22 percent.
The survey indicated security is still the biggest barrier to further cloud adoption. Nine out of 10 organizations are concerned about cloud security.
“The single biggest security risk is human. Employees, contractors, suppliers—all it takes is a malicious insider to circumvent security controls, or a careless employee to compromise data and systems,” Holger Schulze, founder of the Information Security Community on LinkedIn and the creator of the survey, told eWEEK. “For example, almost 80 percent of managers are concerned about data leakage through employees using personal cloud storage services like Dropbox for work.”
The dominant cloud security concerns include unauthorized access, hijacking of accounts and malicious insiders.
The most popular method to close the cloud security gap is setting and enforcing consistent cloud security policies.
Encryption of data at rest and data in motion is considered one of the most effective security controls for data protection in the cloud, according to the survey results.
“Further adoption of proven technologies such as encryption of data at rest and in motion is critical,” Schulze said. “The survey revealed that encryption is considered the most effective security control for data protection in the cloud. Yet many organizations lack the rigor in utilizing encryption—see the recent Anthem breach where massive amounts of sensitive data resided in databases unencrypted.”
Despite the massive investments in security by SaaS providers, a significant share of respondents believe that popular cloud apps such as Salesforce and Office 365 are less secure than on-premises applications.
“The risk management aspect dictates that organizations won’t place all bets on one technology or deployment model,” Schulze said. “This is especially true in what are still the early days of cloud computing with new models rapidly evolving for the various workloads deployed in cloud environments. It is impractical to migrate entire on-premises IT environments to the cloud, which would be both costly and organizationally challenging.”
He explained the market is seeing a best-of-both-worlds scenario where some applications and systems stay on-premises for stability and performance, and others are moved to the cloud to boost agility and cost reduction.