Cloud computing has been around long enough that IT leaders should be facing its weaknesses and well as its strengths.
Not so, suggests a survey released by the Cloud Security Alliance, an industry group that promotes best practices.
“While security remains the top barrier to cloud adoption, a lack of knowledge and experience on the part of IT and business managers is also a significant barrier,” the study says.
According to responses from 212 IT and security professionals in 17 countries around the world done last year, the security of data in the cloud is now an executive or board-level concern for 61 per cent of companies.
Three-quarters of companies indicated cloud security projects were important or very important, eclipsing intrusion prevention (74 per cent) and firewalls and proxies (65 per cent).
Yet only eight percent of companies said they knew the scope of shadow IT at their organizations. An overwhelming majority (72 per cent) of companies surveyed said they did not know the scope of shadow IT but — thankfully — wanted to know. This number is even higher for enterprises with more than 5,000 employees at 80 per cent.
Globally, 71 per cent of respondents were somewhat to very concerned over shadow IT.
Half of respondents said their companies have a policy on acceptable cloud usage today. However, only 16 percent of companies have a policy that is being fully enforced, with another 26 partially enforcing their policy and eight percent with policies that are not enforced at all.
“Fewer companies than expected have a formal cloud governance committee charged with developing and updating policies,” the report said. Only 21 percent of the companies surveyed have a governance committee, while another 31 per cent have plans to create one. “Despite the importance of employee-led cloud adoption, the line of business is often left out of the discussion. Line of business leaders were the least likely group to be invited to the table at companies forming a committee.
For companies that already have a committee, only 43 per cent include representatives from the line of business.
To educate employees on the company’s policies, 22 per cent of organizations have a cloud security awareness training program, while another 36 per cent plan to create one. Somewhat paradoxically, said the report, although large enterprises lag behind smaller ones in cloud adoption, they are better positioned to adopt the cloud securely because they have more robust policies and procedures for managing cloud adoption.
Companies with more than 5,000 employees are more likely to have a cloud governance committee, have a policy on acceptable cloud usage, and have a security awareness training program compared to companies with fewer than 5,000 employees.
One third of respondents described their organizations’ attitude as being “full steam ahead” when it comes to cloud services while 41 per cent are moving forward with caution. Another 15 per cent of companies are in the early stages of investigating cloud services, while 11 per cent of companies do not consider cloud a priority.
The survey was paid for by Skyhigh Networks, a security and compliance provider.