CISOs now say cloud technology is ‘just as safe’ as on-prem

Cloud security

Multi-cloud adopters are more than twice as likely to suffer a data breach than single-cloud and hybrid cloud

The majority of security professionals now consider single-cloud technology to be just as safe, if not safer, than on-premise storage - while multi-cloud environments are deemed the riskiest setups, according to research. 

Cloud technology has seen an explosion in adoption rates among businesses in recent years but has been traditionally considered a riskier option for businesses than on-premise storage.

The majority (61%) of chief information security officers (CISOs), however, have indicated that while security concerns remain, businesses running single-cloud configurations are at no more risk than they would be powering their organisations through on-premise data centres.

There's also a strong appetite for cloud adoption, with 88% of respondents to a Nominet survey reporting their organisations are either currently engaging in, or have plans to, adopting Software as a Service (SaaS) products.

The research questioned almost 300 CISOs, CTOs and CIOs from large organisations with more than 2,500 employees directly responsible for overseeing cyber security practices.

Some 71% of respondents said they were either moderately, very or extremely concerned with the risk of cyber attack in cloud technology, but these concerns are generally matched by anxieties with on-premise systems.

Interestingly, US respondents were almost twice as likely than CISOs based in the UK to suggest they were "extremely concerned" - 21% versus 13%. This could be based on a host of reasons, including differing compliance regimes, threat landscapes and media coverage of security breaches, the report suggested.

"Security has traditionally always been cited as a barrier to cloud adoption, so it is significant that the perceived risk gap between cloud and on-premise has disappeared," said Stuart Reed Nominet's vice president of cyber security.

"It is evident that security concerns are no longer an insurmountable barrier to cloud deployments given the high adoption rate of cloud services."

He added: "And, as we move into the 'cloud era', arguably security teams need to channel their concern into finding solutions that work with the cloud, just as they have been doing in an on-premise environment."

Adopting a multi-cloud approach, meanwhile, is generally seen as more risk than hybrid and single-cloud approaches.

CISOs adopting such a configuration within their organisations were twice as likely to have suffered a data breach over the past 12 months; 52% versus 24% of single-cloud and hybrid-cloud users.

Organisations adopting a multi-cloud approach were also found to generally suffer a greater number of data breaches, with 69% of respondents reporting 11-30 breaches compared with 19% for single-cloud adopters and 13% for hybrid cloud adopters.

"When it comes to ensuring resilience and being able to source 'best-in-class' services, using multiple vendors makes sense," Reed continued.

"However, from a security perspective, the muti-cloud approach also increases exposure to risk as there are a greater number of parties handling an organisation's sensitive data.

"This is exactly why an eye must be kept on integration and a concerted effort be made to gain the visibility needed to counter threats across all different types of environments."

Sign up for our free newsletter