Security and the Cloud: Trends in Enterprise Cloud Computing

With more than 90 percent of businesses in the US using cloud infrastructure, the features they value, the challenges they consider most prominent, and the amount of money they are willing to invest in cloud computing are important factors to understand.

Clutch surveyed IT professionals at medium and large enterprises in the US to determine the value of cloud computing in the enterprise market. Security dominated the discussion and pervaded three topic areas: cloud benefits, challenges, and implementation.

Enterprises Say Cloud More Secure Than Legacy Systems

Overall, 64 percent of enterprises believe cloud infrastructure is more secure than legacy systems. However, more than half of these companies, 38 percent, indicate that cloud infrastructure is “somewhat more secure” than legacy systems, as opposed to “much more secure.”

Cloud infrastructure versus legacy system security - Clutch's Enterprise Cloud Computing Survey 2016

The level of enterprise trust in cloud security is encouraging but should be higher, according to David Linthicum, senior vice president of Cloud Technology Partners.

“I think what we’re seeing now, when it comes to the Cloud and security, is a bit of a myth that the Cloud is less secure. I’ve heard this many times, but it does not seem to be true in real life.”
David Linthicum

Distrust of the Cloud derives from a lack of knowledge about the safeguards that exist to secure data and the circumstances that lead to data breaches. In reality, security problems often arise from human error, rather than shortcomings in cloud infrastructure.

“Many recent data breaches have been reported incorrectly. For example, the security breach at Target occurred because a vendor who had access to the company’s portal left a computer on and walked away. No one was hacking the Cloud. It was human error, and the Cloud cannot protect you from that.”
Jason Reichl, CEO, Go Nimbly

Many features differentiate cloud infrastructure from legacy systems and make it a more secure option for enterprises.

1. Cloud infrastructure is monitored at all times.

“If you were to look at the skill set in a single organization and compare it to another organization that specializes in a specific solution, all things being equal, you would expect the specialized company to provide the best service. This is how it is with the Cloud. The cloud vendor will have good, if not better, security and support for security than any one company. Because of this, moving to the Cloud would increase the company’s overall internal security, as opposed to relying on its IT department only.”
Duane Tharp, Vice President of Technical Sales and Services, Cloud Elements

2. Security measures are multi-faceted.

They include identity-based management, data encryption, compliance and standards, sophisticated governance systems, and proactive management structures.

Companies that migrate to the Cloud actually become more secure because the change forces them to consider security at the application level, instead of just at the perimeter.

“It is your responsibility as a customer on the Cloud to secure your perimeter and make sure your data is protected because the cloud vendor will not do that for you.”
Jose Alvarez, Director of IT Infrastructure, Auxis

3. Central management of cloud infrastructure ensures security systems remain up-to-date at all times.

Cloud computing services are audited on a yearly basis. However, this is not the case with on-premise solutions.

“If you have an on-premise solution for five years, within those five years, it may get audited once, which leaves room for gaps in security to arise.”
Jason Reichl

“Legacy systems are more difficult to keep updated because enterprises may have to go around to several hundred thousand platforms to check and update security systems. It’s easier for legacy systems to fall behind in terms of updates.”
David Linthicum

Enterprises Tout Cloud Infrastructure Security But Challenges Remain

Security is the primary benefit cloud infrastructure provides enterprises (21%), followed by increased efficiency (15%) and access to space for data storage (12%).

To determine the primary benefit of cloud computing, we asked respondents to rank a list of features from one to three, with one being the most important benefit cloud infrastructure provides. Respondents identified security as their number one cloud computing benefit. 

Primary benefit of cloud computing - Clutch's Enterprise Cloud Computing Survey 2016

Cloud infrastructure’s proactive monitoring and response systems are a boon when it comes to keeping data safe. Cloud services dedicate around-the-clock resources to maintaining the security of data stored on cloud infrastructure and responding to breaches.

“Using the Cloud is like putting your money in the bank versus under your mattress. Even though your money, or data, is not on-premise, the bank will do a much better job protecting it because it has vaults and security cameras – more than what a single enterprise company can do.”
David Linthicum

“A couple of years ago, security in the Cloud was the biggest concern, and it is what prevented a lot of companies from adopting the Cloud. But, these days, the Cloud offers more security than an on-premise platform because cloud vendors have developed tools and services to monitor and react quickly to security attacks or threats.”
Jose Alvarez

Industry leaders highlighted alternative benefits of cloud computing, which they believe outweigh security, including scalability, speed, and increased efficiency.

Although enterprises identified security as the primary benefit of cloud computing, 31 percent also deemed security the most prevalent challenge they encountered in 2015.

Problems with cloud - Clutch's Enterprise Cloud Computing Survey 2016

Why is security both a benefit and challenge with cloud systems?

David Linthicum attributes the phenomenon to “cloud paranoia.”

“I think responses to this question show that enterprises realized they needed a different, more advanced approach to security. … If companies are going to put data and files in the public cloud, security needs to be systemic to everything they do.”
David Linthicum

The theory suggests that migrating to the Cloud raises awareness about the breadth of crucial information being stored on the platform, which in turn triggers a demand for more security measures.

“The big struggle for IT teams arises when businesses demand higher and higher levels of transparency. Because of this, the IT team needs to build new security policies to create the impression that a business is investing a lot more resources in security. Truthfully though, a company should already have had these security measures in place.”
Jason Reichl

Another explanation posits that security seems a challenge when companies are unsure of how to implement cloud infrastructure or how to determine the best cloud solution for their needs.

Enterprises Meet Security Concerns With More Safeguards

75 percent of enterprises implement additional security measures beyond what a cloud computing service provider offers.

Additional security measures implemented for cloud computing - Clutch's Enterprise Cloud Computing Survey 2016

The trend emphasizes the importance of taking all steps possible to ensure security, instead of relying on the cloud vendor alone.

“A common mistake is that companies think the Cloud is secure enough out-of-the-box. But, in reality, the Cloud has two major components: the backend cloud vendor infrastructure, which is secured by the vendor, and the company-specific cloud infrastructure, which must be secured by the company.”
Jose Alvarez

Migrating to the Cloud encourages companies to engage in better security practices overall.

The additional security measure enterprises implement the most is data encryption (60%), followed by identity access policies (52%) and regular audits (48%). To implement additional cloud security, more than half of enterprises (59%) spend between $10,000 and $500,000.

Types of additional security measures implemented for cloud - Clutch's Enterprise Cloud Computing Survey 2016

Spending on additional cloud security measures - Clutch's Enterprise Cloud Computing Survey 2016

It is necessary to implement additional security measures for two reasons.

“The first reason is regulatory. Businesses have to be compliant to a regulatory regime, whether state, federal, or internal. The other reason is fear. The nominal additional investment in security potentially can prevent a bad situation from arising in the future. There is a positive net return.”
Duane Tharp

Industry leaders identified other security measures that enterprises should prioritize:

  • Systems that monitor and respond to security issues proactively
  • Increased focus on customer and vendor security
  • Adherence to all necessary regulatory standards and compliance

The Cloud Security Alliance (CSA) received the most attention in the enterprise cloud computing market, with 39 percent of enterprises indicating it is necessary for cloud computing. 

Standards and compliance for cloud - Clutch's Enterprise Cloud Computing Survey 2016

For enterprises, being compliant to the necessary regulations and standards ensures better cloud implementation.

“Regulations provide best practices and guidelines for customers to implement the Cloud properly.”
Jose Alvarez

However, some enterprises still see compliance as a deterrent to cloud usage.

“Companies often use compliance concerns as an excuse for not using the Cloud. … But these comments arise from ignorance. … It’s all about understanding the features and functions that facilitate being compliant in the Cloud. A lot of education needs to occur.”
David Linthicum

If compliance can be not only a deterrent to cloud computing but also a necessary security measure, how should enterprises approach the process of becoming compliant?

“The important questions that companies should ask themselves are, ‘What does compliance mean to my company? What are the key pieces of data that need to be protected?’ For example, if you are a healthcare company, you legally have to be HIPAA compliant and that is what you should prioritize.”
Jason Reichl

About the Survey

The study consisted of 300 respondents with decision-making authority or influence in the IT department, in companies with more than 100 employees. All respondents use a full-service cloud computing platform. The survey was conducted throughout December 2015.

Company size - Clutch's Enterprise Cloud Computing Survey 2016

Company revenue - Clutch's Enterprise Cloud Computing Survey 2016

Published March 03, 2016

To request additional information or provide feedback on this survey, contact [email protected]