Over half of CISOs now think cloud is as secure as on-premises apps

Cloud-app adoption increasing as attention shifts to managing access, account controls

Perceptions of the security of cloud applications continue to improve, with more than half of CISOs in a recent survey agreeing that cloud applications are at least as secure as on-premises applications and a similar proportion citing access to those applications as the biggest security threat.

Fully 35 percent of the 2200 CISOs surveyed in the latest Bitglass Cloud Security Report said they believe cloud apps had matched on-premises applications in security terms, while 17 percent said cloud apps were more secure than on-premises apps.

This was up from a combined total of just 40 percent a year ago, reflecting growing recognition both that cloud providers continue to invest heavily in security and also that enterprises' more pointed security challenges lay in the management of identity-based access to data and applications by highly mobile employees, partners, and customers.

The deployment of enterprise-scale cloud productivity tools was driving the agenda at many companies, with 61 percent of organisations currently using or planning to use Office 365 – up from 45 percent last year.

Exchange, Dropbox, Box, and ServiceNow all marked increases in adoption intentions of between 3 percent and 6 percent over last year, reflecting increasing enterprise comfort with cloud-based file storage and business process outsourcing.

Google Apps had slid in popularity last year, with the rate of current and planned deployments down from 29 percent last year to 26 percent this year; also declining was Salesforce.com, where the rate of current or planned deployments fell from 37 percent to 34 percent.

“IT leaders understand that traditional security tools are not built for the cloud and are limited in their ability to protect data outside the corporate network,” said Bitglass CEO Nat Kausik in a statement. “While major cloud apps invest heavily in security, it is up to the enterprise to ensure secure, compliant use of the cloud.”

Ensuring this compliance is easier said than done, however – particularly in the context of often-laggard security policies and 'shadow IT' usage of cloud applications that are invariably being adopted by employees without IT approval.

Fully 36 percent of respondents said their company allows the use of unsanctioned apps within the workplace, while 42 percent actively block access to unsanctioned apps from the company network. This kind of blocking often leads employees to seek out workarounds, creating even more security risks – and highlighting the importance of tight control over access to fixed and cloud resources, despite CISOs' ongoing difficulties in doing so.

Indeed, unauthorised access was named by 53 percent of respondents as their top concern, with account hijacking second at 44 percent and intrinsically insecure APIs third, named by 39 percent of respondents.

External data sharing was named by 34 percent of respondents as a top concern, with one-third of CISOs worried about employees posting confidential data.

In use at 45 percent of the CISOs' sites, multi-factor authentication was the most widely adopted technology to manage access, with 43 percent encrypting their data and 41 percent using intrusion-detection tools.

Some 45 percent wanted, but lacked, the ability to set and enforce security policies across multiple cloud apps, while 43 percent wanted enforceable boundaries for their data and 41 percent said they wanted better reporting, auditing and alerting of security events.


Stories by David Braue
