The public cloud is more than 30 percent riskier than on-premises applications — and security concerns remain a strong barrier to cloud adoption.
Those are just two of the findings from a new Cloud Security Spotlight Survey (registration required) by Campbell, Calif.-based Bitglass.
The data security company surveyed more than 1,000 IT and IT security practitioners to assess the state of cloud in the enterprise.
It found a third of respondents have experienced more security breaches with the public cloud than with on-premises applications. In addition, 90 percent still express concern about public cloud security.
The report also exposed other interesting facts, including that there are greater fears about employee misuse and access control than malware and hacking. In addition, Microsoft is making big gains in the enterprise, pushing past Google as an email provider and challenging Salesforce as the cloud service of choice.
Despite the inherent risks of public clouds, more than seven in 10 organizations are either planning to implement or are actively implementing cloud environments, noted Bitglass CEO Nat Kausik.
“At the same time, organizations are concluding that SaaS applications are less secure, slowing widespread adoption of these technologies,” he noted.
The report is full of contradictions, underscoring the industry's love-hate relationship with the cloud.
For example, about 36 percent of respondents rated even the leading cloud applications such as Salesforce and Office 365 as less secure than on-premises applications.
Nearly half (45 percent) of respondents cited rated security as their single biggest concern, followed by data loss and leakage (41 percent) and loss of control (31 percent).
Even so, the cloud is a repository for significant data: It is used to store email (45 percent), sales and marketing data (42 percent) intellectual property (38 percent) and customer data (31 percent).
The greatest security concerns are internal: improper access control including unauthorized access (63 percent) the hijacking of accounts (61 percent) and malicious attacks by insiders (43 percent).
Issues like malware and other direct attacks against the cloud provider fall far lower on the list, as do insecure interfaces and APIs.
Enterprises rely primarily on enforcement of consistent cloud security policies and encryption to protect the cloud.
But they also use access control (48 percent), intrusion detection and prevention (IDP) (48 percent) and security training and awareness (45 percent).
In spite of all these issues, cloud computing does appear to be paying off for enterprises.
Respondents cited flexibility, availability and lower costs as the main drivers for cloud adoption.
The findings dovetail with many other surveys we have seen over the past year. Last week, for example, Metalogix released its Insider Threat Index (ITI), which offers SharePoint managers insight into their content security based on nine metrics.