Few would argue that the embrace of cloud computing in modern enterprises has been anything but transformative. Organizations want to improve agility, reduce time to market, and cut IT costs. Increasingly, they're moving workloads in the cloud to achieve these goals, and there's strong evidence that it's working. By some estimates, the total cloud market will exceed $250 billion by 2020. Cloud investment is growing more than 20% annually with little sign of a slowdown.
Crowd Research Partners recently surveyed more than 2,200 cybersecurity professionals to learn what's motivating the move to the cloud — and what factors might hinder future adoption. The research group found that as more companies adopt cloud technologies, their concerns about security threats have increased accordingly.
Attackers Are Massively Targeting Users and Their Accounts
The 2016 Cloud Security Report found that although 46% of the security practitioners surveyed said cloud adoption has made key data and services more readily available, and 41% said it's saved them money, 53% said security fears top their list of barriers to further use of cloud services. That's up from 45% in the 2015 survey.
Respondents also reported that unauthorized access through misuse of employee credentials and improper access controls is the single biggest threat (53%) to cloud security. This is followed by hijacking of accounts, at 44%, and insecure interfaces and APIs at 39%.
Note that the top two threats aim at application users and their accounts. Inadequate authentication and session management services are just a part of the application security challenge. The other part is social engineering and lack of security education and practice among users. IMMUNIO's Mike Milner addressed this topic in a recent webinar.
Traditional Perimeter Defenses Don't Work
Further, the vast majority (84%) of respondents said they're dissatisfied with traditional security tools when applied to cloud infrastructure. Respondents said traditional network security tools are somewhat ineffective (48%), completely ineffective (11%), or can't be measured for effectiveness (25%) in cloud environments.
The data above indicates that organizations who are on the forefront of rapid development in the cloud are searching for proven solutions to security threats that are designed for fast development and release cycles and for the cloud deployment environment.
With attacks on web applications emerging as the single biggest threat to corporate data, it's clear that organizations need to get a handle on the various ways bad guys target unsecured applications — and on best practices for countering these threats.
Good News: Cloud Infrastructure From Leading Providers is Generally More Secure than Your Own
But these web app security challenges shouldn't keep organizations from moving workloads to the cloud. As the 2016 Cloud Security Report suggests, the benefits are so compelling that resisting the cloud trend could put your company at a disadvantage. Neil MacDonald, distinguished analyst and Gartner fellow, recently published a report on this topic:
Bad News: Applications You Own and Host, and Your User Accounts, are Still Your Responsibility
Cloud computing can represent a significant step forward in terms of infrastructure availability, performance, and security. But the applications you develop and host (that propel your business, your reputation, the security and privacy of your users, and their accounts) is up to you to develop and protect.