Software as a Service (SaaS) adoption has continued to climb with each passing year. Major contributors to this have been ease of deployment, improved productivity and lower cost of ownership. Furthermore, organizations have begun to reason that SaaS applications can be more secure than their premises-based counterparts. Despite these facts, a recent survey of 176 IT security leaders conducted by the Cloud Security Alliance and Bitglass revealed that visibility and control remain hot topics in organizations around the globe. Interestingly, the survey found that more than half do not have adequate visibility and have experienced a security incident due to a lack of controls.
The full report can be downloaded here. Highlights of the survey include:
- 62 percent have written policies discouraging use of unsanctioned applications, few have technical controls in place.
- 38 percent outright block unsanctioned applications, while just 29 percent use a proxy or firewall to redirect users.
- 16 percent reported they do not use any SaaS applications.
- 59 percent reported cloud security incidents related to unwanted external sharing.
- 47 percent reported incidents involving access from unauthorized devices.
- 28 percent have access to users logins and 29 percent have audit logs.
- Less than half (48 percent) know where and when sensitive data is being downloaded from the cloud.
- 55 percent of security professionals believe that cloud application vendors should not be forced to cooperate with government by providing access to encrypted data.
- 15 percent believe that cloud vendors should be forced to build backdoor access for government agencies.
Doing business in the cloud sure is a balancing act of convenience and data protection. It will be interesting to see how organizations and cloud vendors continue to innovate in the months and years ahead.