Around 200 IT executives were quizzed about the state of cloud adoption, the evolving role of IT, and how enterprises approach cloud security. The results suggest that while trust in the cloud may be on the rise companies are trying to replicate the same security controls they did for their on-premises systems.
Cloud professionals are now caught between dual responsibilities, says the study: they are obliged to enable the business while at the same time they must tighten security. Only 35% of IT leaders believe that cloud-based systems of record are less secure than their on-premises counterparts. The other 65% say that the cloud is either more secure than on-premises software or equally secure. However, even when enterprise-ready cloud services are more secure than their own data centres, the users present more danger, which is why the ability to enforce corporate security policies is the number one barrier to moving applications to the cloud, said 68% of IT leaders. Another blockage was the need to comply with regulatory requirements (61%) and lack of budget to replace legacy systems (32%).
The top barrier to securing data is a lack of skilled security professionals as businesses are hiring IT security professionals faster than the market can train and develop experienced security professionals. In August, it was reported that JP Morgan expected to spend $500 million on cyber security in 2015, double its 2014 budget of $250 million. Rapid hiring is leading to a shortage of people to fill open positions. A 2015 report from labour analytics firm Burning Glass shows that cyber security job postings grew 91% from 2010 to 2014, more than three times the rate of growth in all IT jobs.
The most important new job is a chief IT security officer (CISO) the report found. Just 19% of companies without a CISO have a complete incident response plan while 54% of companies with a CISO have a complete incident response plan and those with a CISO are also more likely to have cyber insurance to protect against the cost of a data breach.