69% of IT Security Pros Concerned About Unauthorized Cloud Data Access

The adoption of cloud services continues to increase, with 68% of organizations now using at least one cloud service, up from 43% last year. However, the security of data stored in the cloud is still a major concern, according to the second annual Cloud Security Report from Netwrix.

For the global Cloud Security Report, Netwrix surveyed 660 companies spread across more than 30 industries. The research shows that while cloud service providers are committing more resources to protecting their infrastructure and customers’ data, they are struggling to convince IT security professionals that adequate protections have been put in place.

7 out of 10 organizations expressed concern about the privacy and security of cloud technology and fewer than half of organizations (44%) that use cloud services believed adequate protections had been implemented by their cloud service providers.

The biggest concern was unauthorized data access by employees and third parties. 69% of respondents expressed concern about unauthorized access. The other two main concerns were malware and Denial of Service attacks, rated as a top concern by 37% and 34% of survey respondents respectively.

The survey shows that many organizations are frustrated by the lack of visibility, not only by privileged users but also their own employees. While misuse of cloud services by privileged users is a worry, organizations are more concerned about insider misuse. 24% of respondents complained about the inability to view the activities of privileged users, while 29% said they would like to be able to monitor the activities of their own employees.

When asked about the importance of visibility, an overwhelming majority said visibility into user activities was an important part of security guarantees. Just 5% of respondents said visibility did not have any impact on cloud data security.

The perceived lack of security is stopping many organizations from adopting cloud services. Out of the respondents who were pessimistic about the cloud, 56% said better security mechanisms would be likely to change their mind about cloud technology adoption. Data security concerns are high, but confidence in cloud data security is improving. Last year when the same question was asked, 64% said better security would change their minds.

Cost was also a major concern. 54% of respondents said lower costs would help to change their minds about cloud technology and services, which is unsurprising considering 33% of respondents said cloud technology did not meet their budgetary expectations.

18% of IT security professionals said nothing would change their mind about cloud technologies and that they would consider incorporating them into their IT landscapes.

Of the respondents that had already adopted cloud services, 41% claimed the use of the cloud had improved security while 30% said cloud adoption had made no change to the security of their IT infrastructure or data. Only 11% thought cloud adoption had had a negative impact on infrastructure or data security.

According to the survey, the most popular cloud models were software-as-a-service (SaaS), followed by infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS). 73% of organizations use SaaS, 34% use IaaS, and 26% use PaaS, with a growing trend for businesses to adopt a hybrid cloud model – A combination of private and public clouds. The decision to opt for the hybrid model was to help balance costs, ensure sensitive data was appropriately secured, and to get the maximum business benefits.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.