Companies Still Struggling with Cloud Security: Reported Higher Incidence of Data Security Lapse or Issue From 2011

Press release from the issuing company

Thursday, August 30th, 2012

Globally, the cloud continues to pose challenges on how to deliver agile, yet secure, IT services to enterprises. The percentage of companies that reported a data security lapse or issue with their cloud service increased from 43 percent in 2011 to 46 percent in 2012, according to a recent global cloud security survey conducted by Trend Micro, the global leader in cloud security. 

Trend Micro's annual survey of 1400 IT decision makers from the U.S., UK, Germany, India, Canada, Japan and Brazil found that India had the highest incidence (67 percent) of data security lapse or issue, followed by Brazil (55 percent). India also had the highest – 12 percent -- increase of security lapse or issue in 2011, followed by Japan (a 7 percent increase) and Canada (a 6 percent increase). According to the survey, Japan is less likely to adopt cloud computing than any of the other countries surveyed.  Japan also has the lowest usage level for VDI, public cloud and private cloud. 

From 2011 to 2012, the overall global cloud adoption increased from 55 percent to 59 percent.  This increase may account for the security issues that companies reported in the survey, especially in countries such as India and Canada where cloud adoption rates increased the most.  India's adoption rate grew from 38 percent in 2011 to 49 percent in 2012; Canada's adoption rate grew from 42 percent in 2011 to 51 percent in 2012.

Other survey highlights include:

  • Over half (53 percent) of the decision makers surveyed stated that data security is a key reason for holding back their adoption of cloud solutions. This finding is in line with the 40 percent of respondents who stated that their IT security requirements are not being met by current cloud services.
  • 53 percent surveyed expressed more willingness to consider using the cloud if cloud providers took a more hands on approach to securing data or if they knew more about how to secure their data in the cloud.
  • Despite trepidation in utilizing cloud services, the number of enterprises that have deployed public and private cloud solutions have increased to 20 percent, up from the 13 percent that had solutions deployed in 2011.
  • Those respondents who have active public cloud deployments will assign 53 percent of new applications to the cloud within the next year, up from the 46 percent of applications that are currently deployed in the cloud. This signals a consistent rise in demand for cloud services amongst enterprises that have already embraced the cloud.
  • There is still confusion about what cloud computing services exactly are. When presented with a list of cloud services, 94 percent of the respondents said they are currently using at least one of them. However, 9 percent of these respondents indicated, that their company has no plans to deploy cloud computing services. This is consistent with 2011 when 7 percent had the same response.
  • For those who have public cloud in production, the vast majority indicated that they encrypt their data stored in the cloud (89 percent). This is a 4 percent increase from 2011. 87 percent said they keep a 1:1 copy of all data that is synched to the cloud.

"Cloud computing is a reality for all enterprises operating today. However, in the race to put data in the cloud to save on overall costs, companies need to be aware of the hidden cost in terms of data security," said Dave Asprey, vice president of cloud security, Trend Micro. "Cloud providers are not doing enough to secure current cloud services, and enterprises need to broaden their security policies to protect applications and data stored in the cloud as strongly as they protect these within the company's internal infrastructure."

Responsibility for cloud security is shared between the service provider and enterprise

The more cloud infrastructure is controlled by the enterprise, the more the responsibility falls to the organization to provide security.  For example, with an Infrastructure as a Service (IaaS) cloud the service provider is responsible for securing the underlying hardware, but businesses are expected to secure their virtual infrastructure and their applications and data built on top of it. This can be achieved with VM security that extends to cloud environments with integrated file and network level protection.  But as cloud service providers offer more of the underlying platforms and applications, such as a Platform as a Service (PaaS) or Software as a Service (SaaS), they take on more of the responsibility for security.

Not only is security an inhibitor to cloud deployments, but performance or availability is also a top cloud concern, with 50 percent indicating that this is a barrier to cloud adoption.  When evaluating security solutions, enterprises and cloud service providers need security that doesn't sacrifice overall performance of the cloud service.

 

The executive summary of the survey can be found here.