CIOs Are Concerned Over Employees’ Cloud Misuse
90% of respondents are very or moderately concerned about public cloud security, which is delaying adoption of cloud computing. 47% of respondents were very concerned, 43% were moderately concerned, and 10% were either not at all concerned, or not sure.
The top five cloud security concerns are:, General security concerns: 45%, Data loss and leakage risks: 41%, Loss of control: 31%, Legal and regulatory compliance: 29%, Integration with existing IT environments: 29%
The top five public cloud security threats are:, Unauthorized access: 63%, Hijacking of accounts, services or traffic: 61%, Malicious insiders: 43%, Insecure interfaces/APIs: 41%, Denial of service attacks: 39%
80% of respondents are concerned about employees or visitors operating personal cloud storage services and the risk that poses regarding data privacy leakage. 43% of respondents said employees have access to personal storage services from their corporate network.
According to respondents, the top key factors for client security are:, Consistent security with other IT infrastructure: 60%, Continuous protection: 58%, Affordability: 26%
When moving to the cloud, companies partnered with managed service providers the most (34%), security software followed (33%), added security staff dedicated to security issues (31%), and looked at security-as-a-service providers to outsource (27%).
The top five preferred ways to improve cloud security are:, Setting and enforcing security policies across the cloud: 50%, APIs for reporting auditing and alerting on security events: 45%, Effective mapping of security controls for internally hosted applications to the cloud infrastructure: 41%, Isolation/protection of virtual machines: 39%, Ability to compare security levels across cloud providers: 38%
The majority of respondents believe data encryption is the most effective way to protect their data. The top five methods are: Data encryption: 65%, Network encryption: 57%, Access control: 48%, Intrusion detection and prevention: 48%, Security training: 45%
Perimeter-based security is not the whole answer to securing cloud infrastructure, according to 68% of the respondents. The remaining respondents think it is ineffective, or are not sure.