After surveying more than 1,000 cybersecurity professionals, a cloud trends study found that steady adoption of the cloud hasn't eased practitioners' security concerns. In fact, 9 out of ten organizations were “moderately concerned” to “very concerned” about public cloud security, the report said.
Published Wednesday by Crowd Research Partners, the 32-page “Cloud Security Spotlight Report” (PDF) highlighted major drivers and risk factors associated with cloud adoption, as well as organizational attitudes about such trends. The study was conducted with cooperation from the Information Security Community on LinkedIn and cloud security providers, such as AlienVault, AlertLogic, Bitglass and Palerra, CRP said in a release.
In addition to 90 percent of organizations having concerns about public cloud security, the report ranked the top three cloud adoption barriers: general security concerns (45 percent), data loss and leakage risks (41 percent) and loss of control (31 percent).
As far as the biggest security threats introduced by public cloud use, 63 percent of participants said that unauthorized access via “misuse of employee credentials and improper access controls” was a principal concern. Sixty-one percent of those polled said that hijacked accounts, services or traffic was one of the biggest cloud security threats, while 43 percent voted “malicious insiders" as a top threat.
The occurrence garnering the smallest percentage of votes was natural disasters. Only seven percent of respondents said that Mother Nature was a top threat to cloud security.
Another major finding in the study was that, “despite SaaS providers' significant investments in security, 36 percent of respondents believe that major cloud apps such as Salesforce and Office 365 are less secure than on-premise applications,” the report said. “Only 12 percent believe these apps are more secure.”
The report also included a section on key ways to implement cloud security. Survey participants voted “consistent security across IT infrastructures,” the most important factor (60 percent) for securing cloud environments, followed closely by continuous protection (58 percent).
Half of respondents said that setting and enforcing consistent cloud security policies was the “most popular method to close the cloud security gap,” the study said. The use of application programming interfaces (APIs) for reporting, auditing and alerting organizations of security events was ranked the second-most popular method (45 percent) among participants.