More organizations are now taking advantage of the benefits of the cloud, yet 70% of IT professionals are concerned about cloud security risks, according to the second global Cloud Security Survey from Netwrix Corp.
The biggest concern is the potential for sensitive data to be accessed by employees of cloud service providers and third parties. 69% of respondents said unauthorized access was their biggest concern. Malware was also perceived to be a major risk, rated as a top concern by 37% of respondents. DDoS attacks were also a major concern for 34% of respondents.
Cloud service providers usually commit considerable resources to protecting customer data, yet the lack of visibility into how cloud service providers operate and how their cloud environments are structured does not inspire confidence in security. When asked about the importance of visibility, 95% of respondents said it was an important element of cloud service providers’ security guarantees.
Even with the perceived – and often real – cloud security risks, the benefits of the cloud are too great to ignore. 68% of organizations have now adopted cloud services compared to 43% in 2015, although relatively few organizations have moved their entire IT infrastructure to the cloud. Only 8% of respondents said their organization was ready to move all of their IT infrastructure to the cloud.
Many organizations prefer to use the hybrid cloud model rather than using the cloud for their entire IT infrastructure. The hybrid cloud model is a mix of on-premises IT and private and public cloud services. 40% of organizations are using this model according to the survey, and 55% of organizations prefer this approach.
The ability to move between private and public clouds is seen to give businesses much greater flexibility and more data deployment options, while also allow them to mitigate cloud security risks more effectively and balance costs.
According to Netwrix Corps’s CEO and co-founder, Alex Vovk, “The 2016 survey has revealed that despite cloud providers trying hard to secure the cloud environments, the majority of IT pros are still not convinced that the technology is safe enough—mainly because of the insider threat.”
Vovk suggests that cloud adoption is likely to increase if visibility is improved. He also points out that “Advanced security solutions and an integrated view of activities both in the cloud and on premises will help companies increase user accountability, detect insider threats faster and prevent data exfiltration, thus minimizing the damage from unauthorized or incorrect user actions.”