For the third year in a row CloudPassage has been a proud sponsor of the Cloud Security Spotlight Report, in partnership with LinkedIn. Like prior reports, the 2017 report showcases the ongoing trends and data points in cloud security, providing insights into how organizations stack up in the quest for airtight security in a rapidly changing landscape.
While the key findings continued to build upon the data from previous reports, 2017 marked some interesting changes surrounding the perceptions of the cloud, including when and how security should be involved in comparison to the previous reports.
Naturally we compared the largest changes. After all, how useful is your data unless you have something to compare it to?
Key findings in the 2017 report
- Cloud computing has become mainstream for applications, services, and infrastructure, but concerns about cloud security still remain high.
- The cloud brings security challenges that require a new skillset. To address these evolving security needs, a majority of organizations want to train and certify their current IT staff – 53% to be exact.
- More and more, organizations are realizing that traditional security tools won’t work in the cloud. 75% of respondents claim traditional security solutions either don’t work at all or have limited functionality, a 20% increase from 2016.
- Visibility into cloud infrastructure is the biggest security management headache for 37% of respondents, up from second place in 2016, with compliance now the second-largest concern.
- One-third of respondents believe cloud security budgets will increase over the course of this coming year.
Notable data points and changes
Industry perception of cloud security and what it means to be “agile” has changed drastically in just two years. The idea of moving into the cloud went from being something that 71% of companies were planning or beginning to do in 2015, to today having 76% of companies actively piloting or implementing cloud operations.
It seems that for for most, the question has gone from, should we move into the cloud, to how best can we move into the cloud securely?
While there are several barriers to cloud consumption, the largest jump has been the lack of staff and expertise to manage cloud security which is now the second largest concern at 28%, up from 5th place in 2016. General security risks are still the number one concern, polling at 33%.
Overall, the 2017 report found that 81% of organizations are still concerned about cloud security to varying degrees, and security concerns continue to be the largest factor holding back cloud adoption. When it comes to the specific challenges of cloud security, respondents remain virtually unchanged with data loss / leakage still considered to be the largest concern at 57%. Unauthorized access is the biggest cloud security threat, with 61% of this year’s respondents being concerned about this, compared to 53% in 2016.
But regardless of the overarching concerns, most respondents agreed that there are several benefits to moving into the cloud. The main driver for considering a cloud based security solution is a faster time to deployment, polling at 52% compared to 48% in 2016. The main cloud benefit was considered to be the flexible capacity / scalability that comes with a cloud infrastructure ranked at 47%, up from 36% in 2016.
Most organizations also reported making important changes to the way they protected their cloud environments. Penetration testing and security monitoring were key, polling at 60% and 57% respectively. This is a significant jump for cloud monitoring, which was only employed by 38% or organizations last year.
Interestingly, while the need for cloud adoption has become clear as companies invest in agile practices such as DevOps, more organizations consider the cloud to be at a higher risk for security breaches compared to traditional IT environments, 41% compared to last year’s 21% – a significant reversal.
All in all, the need to scale with agility has driven businesses into the cloud, as trust issues with security remain. Companies are beginning to understand that traditional security models don’t function in a cloud-based environment and additional cloud security will be the key to remaining un-compromised and in compliance. Talent acquisition and additional training is necessary for the cloud, but the benefits of agility at any scale far outweigh the challenges faced as teams begin to transition.
For more information, check out our press release.