- Data loss is one of the issues most companies fear
- Many organizations continue to implement legacy solutions to secure modern cloud environments
- Privacy is also a challenge for more organizations that deal with private data
Public cloud security remains a top-of-mind concern for 93 percent of IT and security professionals, according to a report from Bitglass on the perceived safety of cloud environments and solutions.
Cloud security, cloud apps and software-as-a-service (SaaS) are meant to complement or replace existing technologies, but they come with their own challenges and issues. One of the biggest problems is security at every level, and companies are well aware of what they need to do to stay safe.
Although cloud-based solutions seem to be the future, companies still have problems securing such environments. One issue is the lack of data loss prevention software (DLP), which is especially troubling because data leakage is also a concern.
“A mere 31% of organizations use cloud DLP, despite 66% citing data leakage as their top cloud security concern,” the survey found. “Similarly, organizations are unable to maintain visibility into file downloads (45%), file uploads (50%), DLP policy violations (50%), and external sharing (55%) in the cloud.”
Surprisingly, another issue that's relatively widespread is the use of legacy solutions to secure cloud-based implementations. Such solutions rarely work and unnecessarily drive up the cost of security.
“Many still try to use tools like firewalls (44%), network encryption (36%), and network monitoring (26%) to secure the use of the cloud--despite 82% of respondents recognizing that such legacy tools are poorly suited to do so and that they should instead use security capabilities designed for the cloud,” the report also said.
Finally, another significant issue directly linked to data loss is privacy, with 62 percent of IT and security professionals worrying about data privacy and confidentiality. Bitglass argues that data flowing to undesirable locations can violate data privacy and lead to regulatory noncompliance. At the same time, concerns about compromised credentials are typically rooted in fear of unauthorized access to corporate systems and, consequently, data.