Cloud computing offers numerous benefits to businesses. However, these benefits are likely to be undermined by the failure to maintain proper information security and privacy protection when using cloud services. This, in return, leads to higher costs as well as potential loss of business. It is critical for organizations to have a comprehensive understanding of potential security benefits and challenges associated with cloud computing when contemplating a shift towards cloud computing. We have collected the most important cloud security statistics that will provide you with enough information on the cloud security landscape.
1. When asked what percentage of workloads companies already hold in the cloud, 33% of companies have over 50% of their workloads in the cloud in 2021.
2. Most organizations are implementing a hybrid or multi-cloud strategy (71%) for the integration of multiple services, scalability, or business continuity purposes. Few companies count on a single cloud deployment (27%) for their organizational needs. 76% are utilizing two or more cloud providers.
3. Organizations that struggled to implement proper cloud security, resulting in more than 33 billion records exposed in 2018 and 2019 alone.
4. Which areas did organizations feel were the most important in 2019 to improve security visibility for use of public cloud services: identifying software vulnerabilities and remediation (29%), identifying workload configurations that were out of compliance including those that didn’t adhere to the industry standards benchmarks (28%), identifying misconfigured security groups (25%), discovering public cloud-resident sensitive data (24%), and third-party access to public cloud-resident data (23%).
5. In analyzing the 196 data breaches caused by cloud misconfigurations, the researchers evaluated the type of services involved in each incident. They found that Elasticsearch misconfigurations accounted for 44% of all records exposed in 2018 and 2019, and was also the most common database breached across all platforms (20%). MongoDB misconfigurations accounted for 12% of all breaches.
6. When asked to rank how your organization’s maturity with running a data platform in the cloud, 23% are deployed in the cloud and say that it’s working well. 29% are running a data platform in the cloud and are still working out wrinkles while 3% say that it’s not working well. The remainder of respondents said they were either not on the cloud or want to get there but haven’t started planning yet.
7. According to 68% of organizations, cloud account takeovers present a significant security risk for their organizations whereas 51% stated that phishing is the most frequent method that attackers use to acquire legitimate cloud credentials.
8. 30% of respondents stated that their company’s end-users are most responsible for ensuring the security of SaaS applications within their organization. 24% said that responsibility is shared between their company and the cloud service provider. 20% mentioned that their company’s IT security function is most responsible.
9. The average yearly financial loss due to compromised cloud accounts per year for the organizations represented is $6.2 million.
10. 79% of respondents indicated in 2020 that having consistent, integrated security and governance for their data in the public cloud, private cloud and hybrid cloud was very important and 4% said it wasn’t important at all.
11. 50% of companies used NIST as the best practice security framework for securing public cloud environments while 46% used CIS Benchmarks for the cloud. 19% of organizations didn’t use any kind of framework for the cloud.
12. 60% of infrastructure and operations leaders will experience public cloud cost overruns that adversely affect their on-premises budgets.
14. 66% of respondents said insufficient personnel and expertise was the top operational challenge to managing access to cloud data. It was followed by difficulty in integrating disparate security solutions (52%).
15. What security benefits did cloud services bring to organizations in 2019: high availability (58%), more effective/regular updates/patches (45%), rapid scaling (35%), and security benefits from scale (20%).
16. In 2019, the major barriers to the adoption of cloud services for organizations included: security concerns (63%), fear of data loss/leaks (51%), loss of control (36%), integration with the current IT environment (36%), and insufficient cloud environment isolation (16%).
17. In 2020, the biggest challenge organizations were facing was not technology, but people and processes. Staff expertise and training (55%) continued to rank as the highest barrier to faster adoption, followed by budget challenges (46%), data privacy concerns (37%), lack of integration with on-premises platforms (36%), solution maturity (30%), regulatory compliance requirements (29%), and data residency (25%).
18. What did organisations consider as security threats that were relevant to cloud services in 2019: compliance (50%), integration with the current IT environment (38%), fear of too high dependency on the provider (32%), and insufficient transparency (21%).
19. What specialised cloud computing standards did organisations use in 2019: ISO 27017 (15%), ISO 27018 (9%), SOC 1,2,3 reports (9%), and NIST SP 800 family (7%).
20. Multi-cloud environments add complexity and security challenges. Organizations are most challenged with data protection (58%) followed by a lack of security skills (57%) and understanding how different solutions perform together (52%). Loss of visibility and control (46%), keeping up with the rate of change (44%), and understanding service integration options (42%) come next in the list.
21. In 2020, training and certifying IT staff (61%) continued to rank as the primary tactic organizations deploy to assure their evolving security needs were met. 58% of respondents rely on their cloud provider’s native security tools, and 34% were looking to hire more staff dedicated to cloud security in 2020.