(ISC)²'s bi-monthly e-newsletter, Cloud Security INSIGHTS, delivers timely, must-read original articles for the professional development of infosecurity practitioners focused on cloud security.
NOVEMBER CLOUD SECURITY INSIGHTS
In Cloud We Trust (Mostly), According to New Survey
BY DEBORAH JOHNSON
Since organizations began digital transformations en masse, a perennial question has been: Is data safer in the cloud or on-premises? A new survey offers some insight into how both are currently perceived by cybersecurity executives.
To measure the use of cloud services—now a $325 billion global market—and the level of trust in them, Nominet Cyber Solutions queried 274 C-level and other high-ranking cybersecurity professionals in the United States and United Kingdom.
When it comes to trust, 61% of the respondents said they believe the risk of a security breach is the same or lower in cloud environments than on-premises, while 37% believe the risk is greater. The industries most uncomfortable with security risks associated with the cloud are utilities (69%), healthcare (55%) and government (50%).
For everyone else, benefits of cloud usage outweigh fears. Almost nine out of 10 respondents said that their organizations have adopted or intend to adopt cloud services, particularly software as a service (SaaS) solutions. An even higher number, 92%, reported that their businesses are adopting cloud-specific security solutions.
“We’ve really reached the tipping point in cloud adoption,” said Stuart Reed, vice president of product and marketing at Nominet, in a phone interview. “Historically, security has been seen as a bit of a barrier to cloud adoption in terms of associated security risks.”
But that has changed, he added. “Not only do [adopters] see cloud longevity being comparable or less risky than on-premises environments, they are wrapping in their security from a cloud perspective.”
Despite the growing acceptance of cloud-based security, nearly three-quarters of the respondents in Nominet’s survey expressed concern about various security risks, from moderate to extreme. Industries most concerned with customer data loss include healthcare (55%), financial services (47%) and pharma (46%).
Among the aforementioned 92% of cybersecurity professionals investing in cloud-based security, purchases primarily included firewalls (55%), email security (52%), antivirus/anti-malware software (48%) and data loss prevention tools (48%).
What’s driving the interest in cloud security solutions? Respondents listed improved features (53%) and cost savings (45%) as key reasons.
Many businesses are turning to third parties to provide cloud-based security, citing cost effectiveness (67%), seamless integration with existing systems (62%) and ease of deployment (58%). And, according to the survey, 63% are going beyond individual security solutions and outsourcing their entire cloud security operation to a managed service provider. Security budgets reflect that interest, with 57% of respondents saying they expect their budgets to increase.
Outsourcing cloud security, warns Nominet’s Reed, does not mean a free pass on protecting data stored within these virtual environments. “Organizations are starting to recognize that there is a subtle but serious difference between outsourcing control to cloud providers and outsourcing responsibility.” And regulations, such as the European Union’s General Data Protection Regulation (GDPR), will enforce that responsibility.
“It doesn’t matter what size organization you are, you still have a responsibility,” Reed said. “There needs to be a greater appreciation that anybody who works with the processes that handle data has the responsibility to protect that data, regardless of how big or small you are.”
DEBORAH JOHNSON is managing editor at InfoSecurity Professional.