Perception of cloud security within enterprises is improving

The perception of cloud security within enterprises is improving dramatically year-over year as cloud applications mature, according to Bitglass.

One of the most significant findings is that 52 percent of organizations are confident that cloud apps are as secure as premises-based apps, up from 40 percent a year ago. The report reflects the insights of more than 2,200 cybersecurity professionals who were surveyed about enterprise cloud usage and security.

With the growing confidence in cloud application security, Microsoft Office 365 has continued to overtake Google Apps in 2016. According to the report, 61 percent of organizations have existing or planned Office 365 deployments, up from 45 percent last year. Google Apps deployments are down from 29 percent in 2015 to 26 percent in 2016. This shift is in part driven by the need for continuity, trusted enterprise-class support and familiarity with Microsoft’s platform in organizations that have existing on-premises Exchange deployments.

“IT leaders understand that traditional security tools are not built for the cloud and are limited in their ability to protect data outside the corporate network,” said Nat Kausik, CEO, Bitglass. “While major cloud apps invest heavily in security, it is up to the enterprise to ensure secure, compliant use of the cloud – a need that Cloud Access Security Brokers (CASB) fill.”

Key findings

• For the first time, more than half of enterprises surveyed (52 percent) believe that cloud applications are as secure or more secure than premises-based applications. This figure increased significantly from last year, when only 40 percent of enterprises felt cloud-based application security was on par with or better than on-premises applications.
• Google continues to lose market share to Microsoft within in the enterprise. Now 61 percent of organizations have existing or planned Office 365 deployments, up from 45 percent last year. Google Apps deployments are down from 29 percent in 2015 to 26 percent this year.
• Cloud apps themselves are secure, but user behavior exposes organizations to leaks; 53 percent of organizations cite unauthorized access as the single biggest threat to cloud security. One in three organizations say external sharing of sensitive information is the biggest security threat.
• Trouble is on the horizon for security companies such as Symantec and Palo Alto Networks; a full 59 percent of organizations believe their traditional security infrastructure, including next-gen firewalls, is unable to effectively secure data in the cloud.
• 56 percent of enterprises plan to set and enforce security policies across multiple cloud apps with technologies such as CASB.
• Knowledge of shadow IT is not driving changes in policy – only 42 percent of organizations have policies against the use of unsanctioned file-sharing apps, up slightly from 36 percent last year.

Top threats and drivers of cloud adoption

IT leaders feel that cloud is living up to the hype, citing availability, cost reduction and flexible scalability as realized benefits of cloud apps. On the other hand, security threats loom large. The top threats that concern security leaders as they adopt cloud apps are unauthorized access (53 percent), risk of data leakage (49 percent), data privacy (46 percent). Account hijacking (44 percent), insecure APIs (39 percent) and external sharing (34 percent) were also cited among top concerns.