Some good news on the security front: businesses are growing increasingly aware of the security risks beyond the control of their cloud provider, according to new research by B2B ratings and reviews firm Clutch.
Its survey of 283 IT professionals who work at businesses that rely on the cloud to some extent found that 70 percent of respondents prefer to store data in the cloud rather than on a legacy system. More than half of the companies surveyed said that they are investing heavily in cloud security. According to the survey, the focus on cloud security spending has been sparked by the heightened need for information security. That’s encouraging news, since awareness in the past has not always translated into increased security spending.
I was also happy to read in this report that there is a realization that cloud security is, essentially, a partnership between the business and the cloud services provider — especially at the application security level. The report also found, in what may be a bit of selection bias, that those organizations that are using the cloud have a strong preference for cloud.
Highlights from the study include:
- Nearly 70 percent of businesses feel more comfortable storing data in the cloud than on a legacy system.
- Over half, 56 percent, of businesses spend more than $100,000 on additional security measures for their cloud.
- Nearly 1 in 4 businesses on the cloud utilize IoT features, despite potential security concerns.
- Almost two-thirds of businesses, 65 percent, follow regulatory standards from the Cloud Security Alliance.
- Additional encryption is the most used additional security feature.
In the post announcing the survey, founder and CEO of cloud consulting firm Zymr, Haresh Kumbhani, spoke on the increase in awareness that cloud security is a partnership between providers and enterprise customers: “There is suddenly a number of people recognizing that application-level security needs to be done by the user, not the vendor,” he said.
This is a point that is obvious to security experts, but many of those in organizations who buy and use cloud services are not aware that cloud services providers do their part to secure their cloud services, such as the infrastructure in the case of a public cloud provider, while the customer is expected to secure their own access and applications.
We certainly witnessed the impact of enterprises putting their cloud security efforts on autopilot, as we covered in the post Waiting and Hoping is the Cybersecurity Anti-Strategy, regarding the Verizon breach, and in my post Their Own Worst Enemy, which details how some companies are suffering needlessly from self-inflicted wounds, such as in the case of the poorly configured Dow Jones & Co. database that resided on Amazon S3 and reportedly held the data of 2 million, or more, Dow Jones & Co. customers. The data was publicly available to anyone who knew how to look for it.
Are enterprises awakening to the reality that they’re responsible for the security of their data and applications running in cloud services? The jury is still out on that, but fewer stories over time like those we’ve recently covered will be one good indication.