The number of respondents in a Ponemon study who said their cloud security posture improved after the COVID pandemic began increased from 35% to 49%. Pictured: A visitor photographs a symbol of a cloud at the Deutsche Telekom stand the day before the CeBIT 2012 technology trade fair officially opens to the public on March 5, 2012, in Hanover, Germany. (Photo by Sean Gallup/Getty Images)

A report released Thursday on the post-COVID cloud boom from Ponemon found that 49% of respondents say their company’s cloud security posture is “very effective” today, compared with 35% who said their cloud security posture was “very effective” pre-COVID 19.  

The study, done on behalf of cloud security and compliance automation company Anitian, also said that business risk did not significantly increase during migration or transition to the public cloud.

According to the research, 62% of respondents said the migration or transition to the public cloud was to reduce cost, 53% said it was to increase efficiency, and 41% said it was to support business growth. The cloud “boom” refers to the innovations made by cloud users and providers to respond to threats and vulnerabilities that have emerged during the pandemic.

The COVID-19 pandemic accelerated existing trends in enterprise security architecture, especially since organizations were forced to start considering cloud security in more sophisticated, location-agnostic ways, said Jasmine Henry, field security director at JupiterOne.

"I think remote, pandemic work models accelerated a concept Gartner calls 'cybersecurity mesh,' or surrounding each cyber asset with its own perimeters and controls for asset security in even the most unpredictable circumstances, Henry said. "Organizations have a better capacity for recovery when they adopt highly resilient approaches such as cybersecurity mesh and the DIE triad."

John Yun, vice president of product strategy at ColorTokens, said the industry needs to take a cautious approach in interpreting these types of data, especially in regard to cloud security. Yun said many organizations are still in the midst of migrating to the cloud, and while they hope they can extend many legacy security solutions to the cloud, in practice, that has seldom been the case.

"For example, solutions based on perimeter security or simple authentication often falter in the cloud that has no discernable perimeter and requires continuous authentication," Yun said. "You need to trust no one and verify everyone. Many organizations are currently experiencing these challenges, so any conclusion of improved overall security posture seems premature, and organizations must continue to exercise caution in their approach to cloud security."