Concerns over data security continue to be the number one issue preventing many organizations from taking their data to the cloud, but the level of fear over cloud security is dropping, according to a new study.

In fairness, the study is self-serving, prepared by the Cloud Security Alliance (CSA) and sponsored by Skyhigh Networks. Entitled “The Cloud Balancing Act for IT: Between Promise and Peril,” the study reports that security professionals receive, on average, 10.6 requests each month for new cloud services; and 71% of companies now have a formal process for users to request new cloud services. 

“Cloud adoption does not have to mean opening up your organization to increased security risks and threats if the right policies are in place,” the study noted.

The cloud study includes responses from more than 200 IT and security professionals, from a variety of company sizes and industries. The survey covered several topics ranging from the need to hire CISOs to help curb the likelihood of cyber threats, to just how much of the business IT is willing to hand over to cloud services from their legacy on-premises solutions.

Among the report highlights:

• Customer relationship management (CRM) is the most widely used cloud-based system of record today, but companies have plans to move other systems to the cloud including sales and HR.

• Cloud confidence is rising: 64.9% of IT leaders think the cloud is as secure, or more secure than on premises software.

• CISOs play an important role in security – having one makes a company more likely to take steps to prepare for a cyber-attacks.

• The top barrier to stopping data loss in the cloud is a lack of skilled security professionals.

• 24.6% of companies would be willing to pay a ransom to hackers to prevent a cyber attack and 14.0% would pay more than $1 million.

“As a growing number of companies have become more confident in cloud security measures and, with that, are moving their systems of records to the cloud, the role of IT and its relationship to the line of business is changing,” said Jim Reavis, CEO of the CSA. “This survey provides excellent insight into what security professionals are doing to minimize the risks and maximize the benefits of transforming their businesses into cloud-first organizations.”

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing. The alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

Skyhigh Networks is a cloud security and enablement company headquartered in Campbell, Calif.