Employee Misuse, Access Control Top Cloud Security Worries

Topping the list of worries are unauthorized access (63 percent), hijacking of accounts (61 percent) and malicious insiders (43 percent).

cloud security and bitglass

Misuse of employee credentials and improper access controls top the list of concerns over public cloud security, according to a survey of more than 1,000 IT and IT security practitioners conducted by Bitglass.

Even with the major breaches of the last year, dominant security concerns involve misuse of employee credentials and improper access control, not malware and hacking, the report said.

Unauthorized account access (63 percent), hijacking of accounts (61 percent) and malicious insiders (43 percent) are the top three issues.

Despite significant investments in security by software as a service (SaaS) providers, 36 percent of respondents believe that even major cloud applications such as Salesforce and Office 365 are less secure than on-premises applications, inhibiting many enterprises from more widespread adoption of cloud computing.

"Organizations need to understand that data protection in the public cloud is a shared responsibility between app vendors and the enterprise," Rich Campagna, vice president of products with Bitglass, told eWEEK. "Cloud access security brokers (CASBs), such as Bitglass, fill the security gaps that app vendors don't cover."

Despite this fact, 38 percent of enterprises store intellectual property and 31 percent store customer data in the cloud, the survey indicated.

In the battle of email titans, Microsoft’s focus on enterprise class features appears to be paying off. At 29 percent, Office 365 has surged ahead of Google with 13 percent usage in the enterprise. Office 365 also is dominating plans for future enterprise deployments, according to the survey results.

In the past year alone, the percentage of companies using Google Apps or Microsoft Office 365 cloud-based email and productivity suites increased from 23 percent to 42 percent.

The survey also indicated the primary method for closing the cloud security gap is setting and enforcing consistent security policies across cloud apps. Encryption and access control are the most effective data protection technologies, according to survey results.

"Organizations must allow employees to use the devices and applications of their choosing, while building controls on top of cloud applications that limit access to sensitive data, prohibit suspicious activity, and protect data anywhere, even after it has been downloaded to personal mobile devices," Campagna said.

Email and sales and marketing data top the list of corporate information stored in the cloud, followed by intellectual property and customer data.

"Cloud adoption will continue at a rapid pace as the survey data shows that cloud is delivering on its promises of productivity, availability, and cost savings," Campagna said. "Vendors are now building solutions to address security and compliance concerns.”