Security remains the biggest barrier to cloud adoption in the enterprise, with in-house skills gaps making it harder for organisations to securely manage their own infrastructure.
That’s one of the main findings of Ovum’s report – The Role of Security in Cloud Adoption within the Enterprise – in which the analyst house raised concerns about the number of cloud providers who treat security as an afterthought when building their services.
Despite this, the report – authored by Ovum principal analyst Andrew Kellett – claimed 80% of enterprises are now using some form of cloud technology, but concerns about compliance, security and data protection persist for many.
“The most commonly expressed cloud security concerns revolve around the lack of visibility into the data protection measures employed by service providers,” the report said.
“There is the potential for other users of shared cloud services to gain access to their data, and a lack of ability to control where a service provider chooses to locate their data.”
Providers must do more to demonstrate to users that their services have been built from the ground up so that all these areas are addressed, said Ovum.
Read more about cloud security
- Doubts have been raised about Enisa's decision to look to the UK for guidance on how to create a security framework that accelerates adoption of government cloud services across Europe.
- The financial sector is slowly coming round to the idea of entrusting its apps and data to the cloud, but security remains a major stumbling block for many.
Security positioned as an afterthought
“Service providers can no longer afford to position the security and compliance requirements of their clients as optional extras to their core business services,” the report said.
“On too many occasions, security has been positioned as an afterthought when new technology initiatives have been brought to market. Any service that includes access via public networks cannot ignore user and data protection requirements.
“A growing number of SaaS-based cloud service providers are building out their security positions, but many still look as though security was an afterthought, and any security or compliance components that are included are bolted on extras.”
Enterprises rely on providers for security skills
Given the dearth of IT workers with skills in cloud security, many enterprises look to providers to plug the gap – putting pressure on them to put their houses in order.
“This is a situation that has developed over several years and has now reached an acutely serious stage where many organisations now lack the skilled practitioners needed to maintain their own in-house operations and keep data safe,” Kellett wrote.
“One option is to outsource security to a specialist managed security services provider. Another involves obtaining the required security services as part of an integrated package when working with a cloud-based managed services provider that already offers security and compliance as an in-built part of its overall management and service delivery offering.”
Shop about for cloud data protection
Cloud security supplier Firehost endorsed the report's findings. Firehost’s Europe vice-president Eleri Gibbon urged users to shop around if their chosen provider falls short on data protection.
“In today’s business climate, cloud service providers need to demonstrate their commitment to improving IT security," she said.
"Likewise, customers need to look elsewhere if their current provider doesn’t meet their needs. Security-conscious industries in particular – such as the retail, payments and finance sectors – should seriously consider the use of secure, specialist cloud solutions to ensure the protection of their sensitive and extremely valuable data."