A new survey reveals some of the trends changing the role of IT as more businesses move to the cloud and what organizations are doing to reduce security risks.
64.9% of IT leaders think of the cloud as secure or more secure than on-premises software.
71.2% of companies have a formal process for users to request new cloud services. Yet 65.5% of them said they only partially follow it.
26.3% of companies are very concerned about data loss as systems of record move to the cloud. Another 32.2% of companies are somewhat concerned about data loss.
65.7% of organizations concerned about a data loss have a CISO while 50% of companies that aren’t concerned about data loss have a CISO.
CRM is the most widely used cloud-based system (36.3%), followed by IT service management (31%) and human resources management (24.4%).
On average, it takes an IT security team 17.7 days to evaluate the security of a cloud provider. But 55.5% of companies make a decision without a security evaluation because they already have a comparable solution in place—the biggest reason to reject a request (55.1%).
The next most common reason for rejecting a cloud service request is that the provider is not trusted (53.6%), followed by a lack of encryption (45.8%) and a lack of data loss prevention (43.9%).
71.3% said their companies have plans to offer more cloud support to the lines of business.
The biggest benefits of moving to cloud-based options vs. legacy solutions include lower up-front or ongoing costs (71.8%), faster implementation (69.2%) and a better user experience (49.4%).
The biggest obstacles to cloud adoption are the ability to enforce corporate security policies (67.8%), regulatory requirement compliance (61.2%) and budget constraints (31.6%).
The biggest barrier to having programs to stop data loss in the cloud is the lack of skilled security professionals (30.7%), lack of an internal strategy for operationalizing threat intelligence data (26.5%) and no budget to acquire new technologies that detect cloud breaches (22.9%).
82.2% of companies have some form of incident-response plan; 53.8% of those with a CISO have a complete incident-response plan, and 29.2% with a CISO have cyber-insurance.
24.6% of companies would be willing to pay ransom to hackers to prevent a cyber-attack and 14% would pay more than $1 million.
63.9% of respondents have heard of cloud access security brokers (CASB), but only 41.8% of them know what it means.
The biggest cloud security capabilities needed include access control (87.3%), followed by encryption (83.4%), data loss prevention 73.9%, compromised account detection (57.2%) and insider threat detection (56.1%).