Cloud security: 10 things you need to know

Image: iStockphoto/maxkabakov

If we're talking about the cloud, we have to talk about security.
It seems that every time the cloud is brought up in the enterprise, the conversation to follow is focused on how secure, or not secure, it really is. Some would have you believe the cloud is safer than on-premise, while others contend that it is the least safe place you could store your data.
When thinking about cloud security, it's ultimately up to each individual organization and its leadership to determine if a cloud deployment is the right strategy. However, cloud adoption is growing overall, and it is important to consider how it affects the organization.
Here are 10 things you need to know about cloud security.

1. The cloud security market is growing

According to the Research and Markets' Global Security Services Market 2015-2019 report, the market for security products and services is growing globally and demand for cloud-based security is leading the charge. In fact, the Cloud Security Market report by MarketsandMarkets predicts the market size at nearly $9 billion by 2019.

2. 43% of companies experienced a data breach last year

In 2014, data breaches were all over the major news channels. Big brands like Target, Neiman Marcus, JP Morgan Chase, and Home Depot all announced that their data had been compromised. Toward the end of 2014 a Ponemon Institute report claimed that 43% of companies had experienced a data breach within the past year, up 10% from the year before. Additionally, data breaches in South Korea compromised the credit card information of 40% of the population.

3. It's more than public vs private

One of the raging debates when it comes to cloud security is the level of security offered by private and public clouds. While a private cloud strategy may initially offer more control over your data and easier compliance to HIPAA standards and PCI, it is not inherently more or less secure. True security has more to do with your overall cloud strategy and how you are using the technology.

4. Cloud and security top IT initiatives in 2015

While the term "cloud security" wasn't explicitly mentioned, both "cloud" and "security" top the list of IT initiatives for executives in the 2015 Network World State of the Network report. Thirty six percent of IT executives ranked security as their no. 1 initiative, while 31% had the cloud leading their initiatives.

5. Storage is perceived as the riskiest cloud app

When most consumers think about the cloud, they are likely thinking about popular cloud storage and backup services. Cloud storage is important to the enterprise too, but it presents its own challenges. More than 50% of the respondents to the Cloud Usage: Risks and Opportunities Report from the Cloud Security Alliance listed storage as the most risky cloud application according to their organization's definition of risk. The second most risky set of applications were those dealing with finance or accounting.

6. Your employees are your biggest threat

Outside hackers are what most people perceive as their biggest threat to security, but employees pose an equal risk. The 2015 Data Breach Industry Forecast by Experian claims that employees caused almost 60% of security incidents last year. This is further compounded by employees working remotely or using their personal mobile device to access sensitive materials outside of the company network.

7. Controlling adoption is difficult

The rise of bring-your-own-device (BYOD) and bring-your-own-application (BYOA) trends means that many cloud services and tools are sneaking into organizations under the noses of IT leaders. Results of a survey conducted by The Register shows that 50% of respondents said the biggest challenge in regards to cloud services is getting the chance to assess security before a service is adopted by users.

8. Many organizations don't have security policies

According to the Cloud Usage: Risks and Opportunities Report, 25.5% of respondents don't have security policies or procedures in place to deal with data security in the cloud. Also, 68.1% said they do have security policies in place, and the remaining 6.4% didn't know whether they do or do not have the proper policies in place.

9. IoT presents a new risk to cloud security

Research firm Gartner predicts that the IoT market will grow to 26 billion units installed by 2020, bringing with it a slew of security issues for organizations that are leveraging the technology. The Experian Data Breach Industry Forecast notes that the storage and processing of the data points collected by IoT devices will create more vulnerabilities, and we will likely see cyberattacks targeting the IoT.

10. The right tools aren't always used

Fortunately, there are quite a few ways in which enterprises can make their cloud initiative more secure. While these tools and services exist, they aren't always used the proper way, or even used at all. Sixty percent of respondents to The Register's cloud survey said they were using VPN connections, but only 34% said they were using cloud firewalls or encrypting data at rest. The numbers continued to drop in regards to other preventative measures until the bottom of the list where only 15% said they were using obfuscation or tokenization of sensitive data.