Cloud Security By The Numbers

As IT executives and business leaders finally get their arms around analyses of the business opportunities versus the security risks of cloud adoption, the industry is increasingly quantifying the friction between the two. We’ve put together some numbers to show perception over some of the hot-button issues, as well as current progress toward smoothing the way for secure cloud transformations.

Quantifying the perceptions around cloud security practices.

Security Still Trumps All Other Concerns

According to a recent Informationweek Reports survey, security and data resiliency issues make up four of the top 10 concerns held by IT over cloud adoption. And sitting atop that list is the concern of security defects in the cloud technology itself.

Source: InformationWeek

 
Cloud Breach Odds

IT pros seem to be split nearly right down the middle as to whether using cloud services increases the risk of a data breach. Approximately 51% say sending data to the cloud increases or significantly increases that risk.

Source: Netskope

 
Confident With Cloud Security

Meanwhile, even more line of business leaders are confident in the security of the cloud. In fact, more than a third even believe it actually improves security, according to a survey of nearly 600 Harvard Business Review readers.

Source: Verizon

 
Raising The Stakes On Breach Risk

However, the use of the cloud does raise the stakes for breach impact. According to a recent Ponemon Institute report, the use of SaaS increases the financial impact of a breach by a factor of 1.5 times a normal breach of data from on-premises infrastructure.

Source: Netskope

 
Cloud Encryption Lags

The added impact of potential risk from a cloud breach is further exacerbated by lackluster cloud encryption practices. The percentage of organizations that use encryption to secure sensitive data in the cloud hovers at only about 1/3 worldwide.

Source: Safenet

 
Cloud Fogs Up Policy Visibility

And the truth is that most security organizations still struggle to extend corporate data governance policies to the public cloud, and they have a hard time maintaining visibility into security policy across a hybrid cloud infrastructure.

Source: Algosec

 
Cloud Enforcement Gap

That’s probably why they can’t seem to enforce cloud policies very well. According to a report by Skyhigh Networks, there’s a perception gap in how well companies are blocking unauthorized use and uploading to cloud apps compared to their intended policy enforcement actions.

Source: Skyhigh Networks

 
How Big Of A Shadow IT Problem Do You Really Have?

A survey conducted by the Cloud Security Alliance on behalf of Netskope also found that IT departments may be underestimating the number of cloud apps used across the business. More than half of these departments believe the business is running 10 or fewer cloud service apps. Meanwhile, compared to data from Skyhigh Networks, the average number is closer to 800.

Source: Cloud Security Alliance

 
Security Team MIA In Cloud Buys

Many of the struggles IT faces in the cloud can be summed up here, according to a Ponemon Institute study: Just 9% of IT security organizations are always involved in decisions regarding cloud procurement. Worse, 47% are rarely or never involved.

Source: SafeNet

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

[Dark Reading]