The perception of cloud security appears to have reached a tipping point, with a majority of cybersecurity leaders now believing the risk of a breach is the same or lower than in on-premises environments, according to Nominet.
The .uk registry and DNS security firm polled 274 CISOs, CTOs, CIOs and others with responsibility for cybersecurity in their organization, in US and UK companies.
It found that 61% now feel that cloud breaches are just as likely or less likely than on-premises breaches, while 92% claimed they’re adopting cloud-based security tools.
However, concerns persist: 71% were moderately, very or extremely concerned about malicious activity in the cloud. Over half (56%) cited regulatory fines as their biggest concern, whilst a similar number (54%) pointed to the increasing sophistication of cyber-criminals.
Perhaps unsurprisingly, those with a multi-cloud strategy were most likely to have suffered a breach over the past year: 52% versus 24% of hybrid-cloud users and 24% of single-cloud users.
They were also more likely to have been hit by a larger number of breaches: 69% suffered 11-30 breaches versus 19% of single-cloud users and just 13% of hybrid-cloud businesses.
“When it comes to ensuring resilience and being able to source ‘best-in-class’ services, using multiple vendors makes sense,” explained Nominet VP of cybersecurity, Stuart Reed.
“However, from a security perspective, the multi-cloud approach also increases exposure to risk as there are a greater number of parties handling an organization’s sensitive data. This is exactly why an eye must be kept on integration and a concerted effort be made to gain the visibility needed to counter threats across all different types of environments.”
The most popular cloud security tools are firewalls (55%), email security (52%), anti-virus/anti-malware (48%) and data loss prevention (48%), with most respondents (57%) claiming that they expected their cloud security budget to increase in the next 12 months.
“As we move into the ‘cloud era’, arguably security teams need to channel their concern into finding solutions that work with the cloud, just as they have been doing in an on-premise environment,” Reed added.
“The shift in attitude between on-premise and cloud doesn’t change the remit for security teams, it just puts us on a different type of playing field.”