"As organizations look to cloud computing to reduce IT costs, increase agility and better support business functions, security of data and applications in the cloud remains a critical requirement,” said Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. “The 2016 Cloud Security Report indicates that as organizations increase investments in cloud infrastructure, they are seeking a similar level of security controls and functionality to what’s available in traditional IT infrastructures. However, they are finding traditional security tools ineffective in the cloud. In a shared responsibility model, this is an opportunity for organizations to implement effective cloud security solutions to strengthen their security posture and capitalize on the promise of cloud computing.”
The 2016 Cloud Security Spotlight Report shows that:
Security concerns top the list of barriers to cloud adoption led by general security concerns (53 percent, up from 45 percent in last year’s survey), legal and regulatory compliance concerns (42 percent, up from 29 percent), and data loss and leakage risks (40 percent). The rise in specific concerns about compliance and integration suggests that companies are moving from theoretical exploration of cloud models to actual implementation.
Unauthorized access through misuse of employee credentials and improper access controls is the single biggest threat (53 percent) to cloud security. This is followed by hijacking of accounts (44 percent) and insecure interfaces/APIs (39 percent). One in three organizations say external sharing of sensitive information is the biggest security threat.
The vast majority (84 percent) of respondents are dissatisfied with traditional security tools when applied to cloud infrastructure. Respondents say traditional network security tools are somewhat ineffective (48 percent), completely ineffective (11 percent), or can’t be measured for effectiveness (25 percent) in cloud environments.
The top three security headaches for organizations moving to the cloud include the following use cases: verifying security policies (51 percent), visibility (49 percent), and compliance (37 percent). These results suggest that companies are further along in implementation of cloud models compared with last year and are looking for security solutions that enhance the capabilities provided by service providers.
Organizations moving to the cloud have a variety of choices available to strengthen cloud security. 61 percent of organizations plan to train and certify existing IT staff, 45 percent partner with a managed security services provider, and 42 percent deploy additional security software to protect data and applications in the cloud.