Public cloud offers greater security but less visibility, many firms believe
Confusion over cloud security responsibilities, a lack of visibility and shadow IT are complicating corporate security, according to new research from software company Oracle and consulting firm KPMG. This comes as organizations continue to move business-critical workloads and their most sensitive data to the cloud.
For the study, the companies surveyed 450 cyber security and IT professionals from private and public-sector organizations in North America, Western Europe and Asia, and found that 72 percent feel the public cloud is more secure than what they can deliver in their own data center and are moving data to the cloud.
However, visibility gaps remain that can make it hard for businesses to understand where and how their critical data is handled in the cloud, the report said.
The survey found a projected 3.5 times increase in the number of organizations with more than half of their data in the cloud from 2018 to 2020, and 71 percent of organizations indicated that a majority of this cloud data is sensitive. A majority of organizations (92 percent) said they are concerned about employees not following cloud policies designed to protect this data.
Confusion about the shared responsibility security model has resulted in cyber security incidents, with 82 percent of cloud users having experienced security events due to confusion over the shared responsibility model. While 91 percent have formal methodologies for cloud use, 71 percent are confident these policies are being violated by employees, leading to instances of malware and data compromise.