CIOs Are Concerned Over Employees’ Cloud Misuse
-
Concerns About Cloud Security
90% of respondents are very or moderately concerned about public cloud security, which is delaying adoption of cloud computing. 47% of respondents were very concerned, 43% were moderately concerned, and 10% were either not at all concerned, or not sure. -
Barriers to Cloud Adoption
The top five cloud security concerns are:, General security concerns: 45%, Data loss and leakage risks: 41%, Loss of control: 31%, Legal and regulatory compliance: 29%, Integration with existing IT environments: 29% -
Security Threats in Public Clouds
The top five public cloud security threats are:, Unauthorized access: 63%, Hijacking of accounts, services or traffic: 61%, Malicious insiders: 43%, Insecure interfaces/APIs: 41%, Denial of service attacks: 39% -
Personal Storage Concerns
80% of respondents are concerned about employees or visitors operating personal cloud storage services and the risk that poses regarding data privacy leakage. 43% of respondents said employees have access to personal storage services from their corporate network. -
Consistent Security Needed
According to respondents, the top key factors for client security are:, Consistent security with other IT infrastructure: 60%, Continuous protection: 58%, Affordability: 26% -
Security Needs Moving to Cloud
When moving to the cloud, companies partnered with managed service providers the most (34%), security software followed (33%), added security staff dedicated to security issues (31%), and looked at security-as-a-service providers to outsource (27%). -
Setting Cloud Security Policies
The top five preferred ways to improve cloud security are:, Setting and enforcing security policies across the cloud: 50%, APIs for reporting auditing and alerting on security events: 45%, Effective mapping of security controls for internally hosted applications to the cloud infrastructure: 41%, Isolation/protection of virtual machines: 39%, Ability to compare security levels across cloud providers: 38% -
Encryption Remains Key
The majority of respondents believe data encryption is the most effective way to protect their data. The top five methods are: Data encryption: 65%, Network encryption: 57%, Access control: 48%, Intrusion detection and prevention: 48%, Security training: 45% -
Perimeter Security Falls Short
Perimeter-based security is not the whole answer to securing cloud infrastructure, according to 68% of the respondents. The remaining respondents think it is ineffective, or are not sure.
The dominant cloud security concerns for IT leaders are misuse of employee credentials and improper access to control, not malware and hacking, according to a new report. The first two are at the top list for IT executives and managers in enterprise despite the many breaches of 2014. The No. 1 way to secure the cloud is the ability to set and enforce consistent client security policies by encrypting data, states the new report, which was conducted by Bitglass, the cloud access security broker. Its "Cloud Security Spotlight Report" is based on a survey of 1,010 professionals from a broad range of industries, company sizes, departments and career levels. "The report confirms that the cloud is increasingly part of enterprises' IT plans, with some 72% of organizations saying that they are either planning to implement or are actively implementing cloud environments," said Nat Kausik, Bitglass CEO. "At the same time, organizations are concluding that SaaS applications are less secure, slowing widespread adoption of these technologies."