Collaboration services, email, managed services, and backups and disaster recovery are the most common current use cases for cloud services, according to the results of a new SANS survey on cloud security. The 485 IT professionals who participated in the survey reported using a variety of cloud providers and service models, including software-as-aservice (SaaS) cloud offerings, along with a fairly even mix of infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) implementations. Most respondents said they are investing in both public and private clouds as needs dictate.
However, while cloud services provide the functionality businesses need, they also come with increased security risks, particularly given that 40% of respondents said they process sensitive data in the cloud. Concerns include lack of control over access to data, geographic location of sensitive data, compliance, and visibility and security controls built into organizations’ public and hybrid cloud environments.
Along with these issues, more than 27% of respondents said they have little or no incident response support within their public cloud implementations, citing a litany of problems, including an inability to determine who is responsible for security and compliance in the cloud and how to implement and assess security controls.
Overall, survey results indicate a strong need to keep security close to the data as it traverses through cloud systems—not only through encryption, but also by controlling permissions and access. Findings also indicate the need for organizations to integrate monitoring capabilities across their hybrid environments and partnerships with public cloud providers for full-spectrum visibility and response.
These and other survey highlights are covered in the following report.