Nominet has announced its Cybersecurity and the Cloud research, which revealed that 61% of security professionals believe the risk of a security breach is the same or lower in cloud environments compared to on-premise. The research, surveying nearly 300 UK and US C-level security professionals, marks a tipping point in the perception of security of the cloud.
That said, the cloud’s perceived superiority over on-premise does not mean that respondents considered cloud systems to be completely safe.
Cybersecurity concerns with cloud adoption
In fact, the research found that 71% were either moderately, very or extremely concerned about malicious activity in cloud systems. As new regulations such as GDPR have increased the potential penalties, over half (56%) of respondents cited fines for data leaks as their biggest concern, closely followed by the increasing sophistication of cybercriminals (54%). Interestingly, some security professionals are more concerned than others:
- US respondents were more wary of the cloud than their UK counterparts, responding almost twice as likely to be extremely concerned (21% versus 13%)
- Respondents from heavily regulated industries were more likely to be very or extremely concerned by the security risk posed by cloud: healthcare (55%), financial services (47%) and pharma (46%)
- Finally, organisations that were breached in the past 12 months were more than twice as likely to say cloud is higher risk (52% versus 25%)
“Security has traditionally always been cited as a barrier to cloud adoption, so it is significant that the perceived risk gap between cloud and on-premise has disappeared,” said Stuart Reed, VP of Cyber Security at Nominet.
“It is evident that security concerns are no longer an insurmountable barrier to cloud deployments given the high adoption rate of cloud services. And, as we move into the ‘cloud era’, arguably security teams need to channel their concern into finding solutions that work with the cloud, just as they have been doing in an on-premise environment. The shift in attitude between on-premise and cloud doesn’t change the remit for security teams, it just puts us on a different type of playing field.”
Single-cloud, multi-cloud or hybrid – what’s safest?
The research also looked into the relative security of cloud storage strategies and found that a multi-cloud approach is seen to be more risky than hybrid and single-cloud approaches. Those adopting a multi-cloud approach were far more likely to have suffered a data breach over the past 12 months: 52% versus 24% of hybrid-cloud users and 24% of single-cloud users. Companies with a multi-cloud approach are also more likely to have suffered a larger number of breaches: 69% suffering between 11 to 30 breaches compared to 19% of those from single-cloud and 13% from hybrid-cloud businesses.
“When it comes to ensuring resilience and being able to source ‘best-in-class’ services, using multiple vendors makes sense,” explained Reed. “However, from a security perspective, the muti-cloud approach also increases exposure to risk as there are a greater number of parties handling an organisation’s sensitive data. This is exactly why an eye must be kept on integration and a concerted effort be made to gain the visibility needed to counter threats across all different types of environments.”
Security through the cloud
While the cloud is sometimes viewed as a challenge for businesses, it is also seen by almost all companies as a security enabler. Adoption of different cloud solutions are mixed – SaaS (71%) and IaaS (60%), PaaS (48%), BPaaS (30%), FaaS (25%) – but adoption of cloud-based security solutions is near ubiquitous (92%).
The most popular cloud security tools are firewalls (55%), email security (52%), antivirus/antimalware (48%) and data loss prevention (48%). The majority (57%) of respondents said that they expected their cloud security budget to increase in the next 12 months.
“It makes absolute sense that organisations trusting an increasing amount of their data to the cloud are also utilising its benefits to improve their security,” concluded Reed.
“Security, more than any other enterprise IT function, requires speed – of deployment and implementation. The ability of the cloud to rapidly deliver new security services that integrate easily into organisations’ existing systems is a key value driver and explains why cloud security tools have been adopted so broadly.”