WavebreakMediaMicro - Fotolia
European businesses are increasing their investment in public cloud, despite ongoing security concerns, a survey by Barracuda Networks has revealed.
There is also a perceived lack of understanding about who is responsible for keeping their data safe, according to the poll of 550 IT decision-makers at organisations using a public cloud infrastructure as a service (IaaS) in the UK, Germany, France, Belgium, the Netherlands and Austria.
According to the survey, 20% of IT budgets are currently being spent on public cloud deployments, with organisations expecting half of their infrastructure to be in the public cloud within two years.
Nearly 35% of organisations polled said their infrastructure is currently in the cloud, with this proportion expected to rise to half in two years’ time.
UK organisations have the lowest proportion of public cloud in their infrastructure (29%), trailing Belgium and the Netherlands (41%), France (38%), Austria (35%) and Germany (35%).
However, less than 45% of respondents believe their public cloud IaaS provider completely and successfully offers strong protection when it comes to accessing cloud applications.
A similar proportion said the same about strong protection of applications in the cloud (43%) or strong protection of data in the cloud (41%).
According to the survey report, this suggests that more than half are not completely satisfied by the security offered by their cloud provider, and this needs to be addressed to maintain momentum.
European businesses are using public cloud for a range of purposes, the survey shows. The most popular are data storage (77%) and data recovery (56%), followed by web and app hosting (54%), data analytics (51%), and customer relationship management (CRM) systems (46%).
Chris Hill, director of public cloud business development at Barracuda for Europe, the Middle East and Africa, said that despite the increasing adoption of public cloud, it is telling that security concerns continue to loom large.
“With 77% of respondents claiming to use public cloud to store data such as employee information, business intellectual property and customer bank details, the EU General Data Protection Regulation [GDPR] compliance deadline in May 2018 brings into focus ever more clearly the need to ensure cloud data is properly protected,” he said.
Many IT decision-makers seem to be confused over exactly what their responsibilities are when it comes to cloud security, with just 61% of those polled claiming to fully understand their responsibilities. This figure rises to 69% in Germany and drops to 51% in Belgium and the Netherlands.
Contrary to the obligations set out in the Shared Responsibility Model, 64% of respondents believe it is the cloud provider’s responsibility to secure data in the cloud, while 61% said the same about applications and 60% about operating systems.
Lack of understanding
The survey report said this highlights a worrying lack of understanding of the Shared Responsibility Model, a key stipulation of most cloud provider agreements, under which they secure basic infrastructure components such as compute, storage, database and networking, as well as the physical site, while it is the customer’s obligation to secure their data, apps, operating system and other software elements running in the cloud.
Despite this perceived lack of awareness of the risk, the report said it is encouraging to see that businesses in Europe are taking measures to put extra protection in place.
More than half of respondents said they have invested in additional security products to safeguard access to the public cloud, and a further third (37%) said they plan to do so in the future. Those in Belgium and the Netherlands were most likely to have added security (70%), while UK organisations were least likely (43%).
“It is clear from this research that the public cloud remains a hugely attractive prospect, yet migrating sensitive business applications can be a complicated process that creates new security requirements,” said Hill. “Against the backdrop of ever more prevalent and damaging online threats facing organisations, it is natural to see security remain a challenge.”