- Security TWENTY
- Women in Security Awards
In the UK, most (86pc) of senior IT staff believe their business is cloud-first – a similar proportion to France (90pc) and Germany (92pc). That is according to a survey for the cyber firm McAfee of 1310 senior IT staff and 755 employees in large businesses with over 250 employees across the UK, France and Germany. Seven in ten UK businesses expect to become cloud-only; compared to 75pc in France and 86pc in Germany.
As for businesses operating with a cloud-first strategy today, almost two-thirds of senior IT staff believe it has already increased innovation (61pc) and strengthened security (61pc). Almost half (47pc) also think the cloud-first strategy in place enables cost-cutting.
On average, UK respondents claim 45pc of business-critical or sensitive data is currently in the cloud – compared to 43pc in France and 57pc in Germany. While there is clearly appetite to reap the rewards of cloud adoption, security concerns are holding businesses back. Across the three countries, almost a quarter (22pc) of senior IT staff do not think their business will ever be cloud-only, selecting “security fears” (55pc), “data access concerns” (40pc) and “compliance concerns” (31pc) as three key factors.
Besides these security concerns, the study found widespread uncertainty around who is ultimately responsible for ensuring data in the cloud is secure. In the UK, some believe the responsibility lies with C-suite roles: CEO (14pc), CIO (19pc) or the CISO (5pc). On the other hand, over one-third (34pc) feel the IT manager is ultimately responsible for this data.
Raj Samani, chief scientist and McAfee fellow, pictured, said: “Data and applications have shifted to the cloud – and where they go, cybercriminals will try to follow. We’re now in a new era of cloud-native data breaches. As we shift towards a cloud-only or cloud-first business environment, organisations must adapt their security technology and processes to close the gap between cloud adoption and secure enablement in the enterprise. Businesses will need to adopt cloud-native security tools that are purpose-built for cloud security. If not, they run the risk of becoming an easy target for cybercriminals.”
Despite that reliance on cloud, shadow IT continues to be a threat. Almost one-fifth (19pc) of the surveyed employees who use cloud-based apps admit they use apps which have not been approved by IT – with a further 5pc uncertain on which apps had or had not been sanctioned by the IT department. Conversely, one-fifth (21pc) of senior IT staff believe less than 5pc of their end users are using cloud services which have not been approved by IT.