In the second annual Cloud Security Survey, CloudPassage surveyed the more than 300,000 members of LinkedIn's Information Security Community on the state of cloud security. As companies continue to invest in the cloud to reduce IT costs and increase flexibility and scalability, privacy and security of data remain top concerns.
Among the key findings include the following:
- Security concerns are the number one barrier to cloud adoption. General security concerns (53%) top the list, followed by legal and regulatory compliance concerns (42%—up from 29% in last year's survey) and data loss and leakage risks (40%).
- The top types of data stored in the cloud are email (44%), customer data (31%), sales and marketing data (31%), and employee and payroll data (30%).
- The specific threats to public cloud security that the survey highlights include (i) unauthorized access through misuse of employee credentials and improper access controls (53%), (ii) hijacked accounts (44%), and (iii) insecure interfaces/APIs (39%).
- The vast majority (84%) of respondents are dissatisfied with traditional security tools when applied to cloud infrastructure, because they are somewhat ineffective (48%), completely ineffective (11%), or can’t be measured for effectiveness (25%) in cloud environments.
- To strengthen cloud security, 61% of organizations plan to train and certify existing IT staff, 45% plan to partner with a managed security services provider, and 42% plan to deploy additional security software to protect data and applications in the cloud.
The rise in specific concerns about compliance and integration suggests that companies are moving from theoretical exploration of cloud models to actual implementation. These results also suggest that companies are further along in implementation of cloud models compared with last year and are looking for security solutions that enhance the capabilities that service providers offer.
The authors of this post and the other members of our outsourcing, technology, and strategic commercial transactions practice regularly provide counsel and contractual protections to address cloud security issues. In addition, members of our privacy and cybersecurity practice are available to respond to data breach and regulatory issues in the cloud.