The use of cloud services provides many advantages for organizations, from reduced cost and complexity to improved customer services and collaboration capabilities that boost productivity. However, many organizations still believe that the security risks of using cloud services is the greatest inhibitor to wider adoption.

Are the Security Risks Real?

According to the Cloud Industry Forum, while 70 percent of organizations in the U.K. said they have concerns regarding data security and 61 percent about data privacy, 99 percent have never experienced a security breach when using a cloud service.

Verizon found that 40 percent of its survey respondents believed the use of cloud resources is either much more or at least a bit more secure than on-premises solutions. A further 40 percent believe the cloud is about the same as on-premises infrastructure in terms of security.

CIO reported that almost all cloud services are highly resistant to attack, and all available evidence points to the fact that commercial cloud service providers have shown better performance in terms of security than end user organizations have. While there is growing recognition that clouds are generally secure, customers must make greater efforts in terms of security and take responsibility for appropriate use of cloud services. Gartner cautioned that 95 percent of security issues and failures of cloud services will be the fault of the customer, rather than the service provider, in 2020.

Cloud Customers Should Take More Responsibility for Security

Waning fears over cloud security are leading to increased focus on achieving visibility, managing access and protecting data on the part of security executives.

One area that holds much promise is the use of cloud access security broker solutions, which provide capabilities that include cloud discovery user analytics, identity and access management and threat prevention. Other technologies that will help organizations achieve more robust security include the implementation of security information and event management (SIEM) systems and enterprise mobility management offerings.

More must be done to ensure that sensitive data is protected, which is one of the greatest fears cited by security executives. According to the Ponemon Institute, 56 percent of organizations transfer sensitive or confidential information to the cloud regardless of whether it is encrypted. However, 71 percent claimed that support for cloud deployments is one of the most important features of encryption technologies.

Organizations that do not leverage these anonymizing techniques face significant security risks. Lack of security tools hamper enterprises’ ability to protect information and will leave them in danger of being unable to meet their compliance objectives in terms of data protection.

Cloud Security Remains Important

Secure clouds are growing in importance as regulations are set to get tougher, including the new EU general data protection regulation, which will impact all organizations that collect information on EU citizens no matter where in the world the organization is based or where the data is stored.

Cloud computing adoption is rising rapidly, and that growth looks set to continue despite continued concerns regarding the security risks involved. But it is not sufficient to assume that all responsibility for security is held by the cloud service provider. Organizations that wish to benefit from such services should ensure they have processes and controls that allow them to consume such services in the most secure manner possible.

Watch the webinar from Gartner and IBM: “Accelerate your Cloud Evolution”

More from Cloud Security

How Posture Management Prevents Catastrophic Cloud Breaches

We've all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration. Many big cloud security catastrophes often result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall. Could a proper configuration have prevented that breach?…

How to Implement Cloud Identity and Access Governance

Creating identity and access governance across cloud environments is crucial for modern organizations. In our previous post, we discussed how important human and non-human identities are for these environments and why their management and the governance of their access can be difficult. In the face of these challenges, our cloud identity and access governance (CIAG) approach offers an orchestration layer between cloud identity and access management (IAM) and enterprise IAM, as the following graphic shows. As we continue our CIAG…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Why Are Cloud Misconfigurations Still a Major Issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe. With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And…