As IT executives and business leaders finally get their arms around analyses of the business opportunities versus the security risks of cloud adoption, the industry is increasingly quantifying the friction between the two. We’ve put together some numbers to show perception over some of the hot-button issues, as well as current progress toward smoothing the way for secure cloud transformations.
Quantifying the perceptions around cloud security practices.
Security Still Trumps All Other Concerns
According to a recent Informationweek Reports survey, security and data resiliency issues make up four of the top 10 concerns held by IT over cloud adoption. And sitting atop that list is the concern of security defects in the cloud technology itself.
Cloud Breach Odds
IT pros seem to be split nearly right down the middle as to whether using cloud services increases the risk of a data breach. Approximately 51% say sending data to the cloud increases or significantly increases that risk.
Confident With Cloud Security
Meanwhile, even more line of business leaders are confident in the security of the cloud. In fact, more than a third even believe it actually improves security, according to a survey of nearly 600 Harvard Business Review readers.
Raising The Stakes On Breach Risk
However, the use of the cloud does raise the stakes for breach impact. According to a recent Ponemon Institute report, the use of SaaS increases the financial impact of a breach by a factor of 1.5 times a normal breach of data from on-premises infrastructure.
Cloud Encryption Lags
The added impact of potential risk from a cloud breach is further exacerbated by lackluster cloud encryption practices. The percentage of organizations that use encryption to secure sensitive data in the cloud hovers at only about 1/3 worldwide.
Cloud Fogs Up Policy Visibility
And the truth is that most security organizations still struggle to extend corporate data governance policies to the public cloud, and they have a hard time maintaining visibility into security policy across a hybrid cloud infrastructure.
Cloud Enforcement Gap
That’s probably why they can’t seem to enforce cloud policies very well. According to a report by Skyhigh Networks, there’s a perception gap in how well companies are blocking unauthorized use and uploading to cloud apps compared to their intended policy enforcement actions.
Source: Skyhigh Networks
How Big Of A Shadow IT Problem Do You Really Have?
A survey conducted by the Cloud Security Alliance on behalf of Netskope also found that IT departments may be underestimating the number of cloud apps used across the business. More than half of these departments believe the business is running 10 or fewer cloud service apps. Meanwhile, compared to data from Skyhigh Networks, the average number is closer to 800.
Source: Cloud Security Alliance
Security Team MIA In Cloud Buys
Many of the struggles IT faces in the cloud can be summed up here, according to a Ponemon Institute study: Just 9% of IT security organizations are always involved in decisions regarding cloud procurement. Worse, 47% are rarely or never involved.
Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.