Perceptions of the security of cloud applications continue to improve, with more than half of CISOs in a recent survey agreeing that cloud applications are at least as secure as on-premises applications and a similar proportion citing access to those applications as the biggest security threat.
Fully 35 percent of the 2200 CISOs surveyed in the latest Bitglass Cloud Security Report said they believe cloud apps had matched on-premises applications in security terms, while 17 percent said cloud apps were more secure than on-premises apps.
This was up from a combined total of just 40 percent a year ago, reflecting growing recognition both that cloud providers continue to invest heavily in security and also that enterprises' more pointed security challenges lay in the management of identity-based access to data and applications by highly mobile employees, partners, and customers.
The deployment of enterprise-scale cloud productivity tools was driving the agenda at many companies, with 61 percent of organisations currently or planning to use Office 365 – up from 45 percent last year.
Exchange, Dropbox, Box, and ServiceNow all marked increases in adoption intentions of between 3 percent and 6 percent over last year, reflecting increasing enterprise comfort with cloud-based file storage and business process outsourcing.
Google Apps had slid in popularity last year, with the rate of current and planned deployments down from 29 percent last year to 26 percent this year; also declining was Salesforce.com, where the rate of current or planned deployments fell from from 37 percent to 34 percent.
“IT leaders understand that traditional security tools are not built for the cloud and are limited in their ability to protect data outside the corporate network,” said Bitglass CEO Nat Kausik in a statement. “While major cloud apps invest heavily in security, it is up to the enterprise to ensure secure, compliant use of the cloud.”
Ensuring this compliance is easier said than done, however – particularly in the context of often-laggard security policies and 'shadow IT' usage of cloud applications that are invariably being adopted by employees without IT approval.
Fully 36 percent of respondents said their company allows the use of unsanctioned apps within the workplace, while 42 percent actively block access to unsanctioned apps from the company network. This kind of blocking often leads employees to seek out workarounds, creating even more security risks – and highlighting the importance of tight control over access to fixed and cloud resources, despite CISOs' ongoing difficulties in doing so.
Indeed, unauthorised access was named by 53 percent of respondents as their top concern, with account hijacking second at 44 percent and intrinsically insecure APIs third, named by 39 percent of respondents.
External data sharing was named by 34 percent of respondents as a top concern, with one-third of CISOs worried about employees posting confidential data.
In use at 45 percent of the CISOs' sites, multi-factor authentication was the most widely adopted technology to manage access, with 43 percent encrypting their data and 41 percent using intrusion-detection tools.
Some 45 percent wanted, but lacked, the ability to be able to set and enforce security policies across multiple cloud apps while 43 percent wanted enforceable boundaries for their data and 41 percent said they wanted better reporting, auditing and alerting of security events.