Companies are still worried about cloud security risks. It makes sense: Moving data off-site always comes with the specter of loss or compromise, and many enterprises struggle with the notion of giving up any measure of security control.

As noted by ZDNet, however, a new Deloitte report may show the first signs of security slipping out of the top spot. Just 24 percent of respondents said security risk was the biggest factor in putting off cloud adoption. More than a quarter, meanwhile, tagged integration of existing apps and infrastructure as the largest obstacle to cloud uptake. Are security risks finally losing steam as cloud services evolve?

Security Risks Still a Concern

While companies are more willing to embrace the idea of security in the cloud, this doesn’t mean IT pros are slapping on rose-colored glasses and putting their feet up. In fact, those surveyed this year reported a “significant increase” in the use of data encryption and employee security training, while 55 percent said improvements to information security now drive much of their technology investment.

According to Baseline magazine, companies remain concerned about access controls — 53 percent cited difficulties managing and restricting access to sensitive data, up from 48 percent just two years ago. What’s more, almost half of businesses said that cloud services are deployed by departments other than IT, making it difficult to track usage or protect sensitive data.

Companies remain aware of security risks but are no longer allowing concern about public services to cloud their judgment when it comes to adoption. Instead, they’re devoting more time to training, focusing on security investment and keeping track of emergent threats.

A Perceptual Shift

To effectively embrace the new cloud services market, however, companies need more than the absence of worry. A perceptual shift is required if IT departments hope to chart new digital courses.

As noted by IT Pro Portal, one key aspect of this change stems from the recognition that tools and technology can’t secure cloud data in isolation. Governance now plays a critical role. How employees and executives interact with cloud-based applications is more important than where these services are located since physical server stacks often provide greater access to determined cybercriminals.

According to Computer Business Review, meanwhile, there’s an increasing emphasis on role-based access, rather than encryption, to enhance cloud protection. While encryption remains a critical step in the process, it’s not the final point. By implementing more granular access controls and assigning permissions on an as-needed basis, it’s possible for security professionals to take charge of critical cloud security policies while delegating more repetitive tasks to third-party providers.

There’s an attitude adjustment underway when it comes to cloud security risks. True transformation, however, demands both recognition of critical threats and a re-imagining of essential cloud controls.