Uncategorized

Cloud security spending goes up for organisations as app-level responsibility bites

Organisations are more likely to prefer storing data in the cloud instead of on a legacy system – but are spending significantly on security to keep up.

That is the latest finding from Clutch, a B2B research firm, which put out the latest report from its annual cloud computing survey earlier this week.

Nearly 70% of the 283 IT professionals polled said they would be more comfortable storing data in the cloud; yet more than half of companies surveyed admitted to spending more than $100,000 per year on additional cloud security features. 22% of respondents spend at least $500,000 on additional cloud security features per year, while 8% spend more than $1 million.

Of the security measures available, additional encryption was the most popular among respondents, while two thirds (65%) of businesses said they follow regulatory standards from the Cloud Security Alliance.

The report also delved into who should do what when it comes to cloud security. As this publication has explored this month, through a report from Barracuda Networks, there appears to be a disconnect among organisations around the shared responsibility model for infrastructure as a service.

Application level controls, identity and access management, and endpoint protection, among others, are the customer’s responsibility, as outlined by both Microsoft and Amazon Web Services (AWS) in their documentation. Clutch argues that the high investment in cloud security is related to the risks that are out of their cloud provider’s control.

“There is suddenly a number of people recognising that application-level security needs to be done by the user, not the vendor,” said Haresh Kumbhani, founder and CEO of cloud consulting provider Zymr. “If this is the case, then they need to invest top dollar in securing the data.”

Almost a quarter (23%) of respondents said they use Internet of Things (IoT) services on the cloud, although when it came to security on top of it – a significant threat, given the frequent global cyberattacks which invariably make the headlines – it was described by Jamie MacQuarrie, co-founder of Appivo, as ‘nascent’. “For every company that properly locks down IoT-enabled machines on a factory floor, you have thousands of unsecured ‘smart’ lightbulbs,” he said.

You can read the full report here.