Cloud security and compliance concerns rise as investment grows

Industry predictions suggest that the world cloud market will exceed $250 billion by 2020, but a new report shows that as investment grows so do security concerns.

Crowd Research Partners has released the results of its 2016 Cloud Security Spotlight Report, created in conjunction with leading cloud security vendors Alien Vault, Bitglass, Cato Networks, CloudPassage, Dell Software, Dome9 Security, IMMUNIO, (ISC)2 and Randtronics.

Among the findings are the main barriers to cloud adoption, led by general security concerns (53 per cent, up from 45 per cent in last year's survey), legal and regulatory compliance concerns (42 per cent, up from 29 per cent), and data loss and leakage risks (40 per cent). The rise in specific concerns about compliance and integration suggests, say the report's authors, that companies are moving from theoretical exploration of cloud models to actual implementation.

The biggest threat to security comes from unauthorised access through misuse of employee credentials and improper access controls (53 per cent). This is followed by hijacking of accounts (44 per cent), insecure interfaces/APIs (39 per cent), and external sharing of sensitive information (33 per cent).

84 per cent of respondents are dissatisfied with traditional security tools when applied to cloud infrastructure. Traditional network security tools are somewhat ineffective according to 48 per cent of respondents, or completely ineffective (11 per cent), 25 per cent say effectiveness can't be measured in cloud environments.

Organisations moving to the cloud have a variety of choices available to strengthen their cloud security. 61 per cent of organisations say they plan to train and certify existing IT staff, 45 per cent want to partner with a managed security services provider, and 42 per cent plan to deploy additional security software to protect data and applications.

"As organisations look to cloud computing to reduce IT costs, increase agility and better support business functions, security of data and applications in the cloud remains a critical requirement," says Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. "The 2016 Cloud Security Report indicates that as organisations increase investments in cloud infrastructure, they are seeking a similar level of security controls and functionality to what's available in traditional IT infrastructures.

"However, they are finding traditional security tools ineffective in the cloud. In a shared responsibility model, this is an opportunity for organisations to implement effective cloud security solutions to strengthen their security posture and capitalise on the promise of cloud computing".

The full report is available to download from the InfosecBuddy website.

Image source: Shutterstock/Maksim Kabakou