Companies use public cloud despite security concerns

Many IT decision-makers still seem to be unclear about their responsibilities with regard to cloud security. This is shown by a recent study by Barracuda, in which 550 IT decision-makers in the EMEA region were surveyed on "Public Cloud Infrastructure as a Service (IaaS)". Only 61% of the respondents stated that they fully understood their responsibilities with regard to cloud security.

Lack of understanding of shared responsibility model
Nearly two-thirds of respondents (64%) also believe it is the cloud provider's responsibility to secure data in the cloud; further, 61% indicated this with respect to applications and 60% with respect to operating systems. The findings reveal a worrying lack of understanding of the shared responsibility model, a core policy of most cloud provider agreements. For example, basic infrastructure components such as computing, storage, database and networking, and hardware are secured by the provider, but it is the customer's responsibility to secure its data, apps, operating systems and other software elements in the cloud.

Only just over half invest in additional protection
Less than half (45%) of organizations using public cloud solutions believe their provider offers strong application access protection; results were similar for application (43%) and data (41%) protection. Still, just over half (57%) are investing in additional security products to protect public cloud access; however, over a third (37%) plan to do so in the future. The EMEA region surveyed, Belgium/Netherlands, led the way in terms of additional security solutions deployed with 70%, while Germany was in second-to-last place with 57%, ahead of the UK with 43%.

Rising acceptance despite security concerns
Almost all (99%) of the companies surveyed confirmed benefits from switching to the public cloud. Just under half cite greater scalability (48%) and reduced IT spend (48%) as key benefits, with 43% citing greater agility. In addition, 26% of respondents report a positive ROI in the first year from public cloud adoption. Thus, cloud adoption continues to rise despite security concerns: EMEA companies using IaaS reported that over a third (35%) of their infrastructure is already cloud-based (Belgium and Netherlands 41%, France 38%, Germany 35%, Austria 35%, UK 29%) and they expect this to increase to 50% over the next two years.

"Despite increasing adoption of the public cloud, security concerns remain high. 77% of respondents said they use public cloud services to store sensitive data such as employee information, business IP and customer database data. In light of the EU's General Data Protection Regulation (GDPR), there will be an even greater focus on protecting data in the cloud," said Kristof Vanderstraeten, EMEA Director of Public Cloud Business Development at Barracuda.

"Our study shows that the public cloud is a very attractive prospect, but migrating sensitive business applications can be a complicated process that creates new security requirements," Vanderstraeten added.

Click here for the summary of the Study results and to the infographic.