Digital transformation to the cloud is on the way, and the COVID-19 pandemic accelerated that trend. But cloud adoption is not without risk. The Cloud Security Alliance surveyed more than 1,900 IT and security professionals to understand better current cloud security concerns, challenges, and incidents. Key findings include:

On incidents:

  • 11% of respondents reported a cloud security incident in the past year,  of which the three most common causes were cloud provider issues (26%), security misconfigurations (22%), and attacks such as denial of service exploits (20%).
  • When asked about the impact of their most disruptive cloud outages, 24% said it took up to 3 hours to restore operations, and for 26%, it took more than half a day.

On pressing concerns:

  • The biggest concerns over cloud adoption were network security (58%), a lack of cloud expertise (47%), migrating workloads to the cloud (44%), and insufficient staff to manage cloud environments (32%). 
  • 79% of respondents reported staff-related issues, suggesting a skills and talent shortage and difficulties in handling cloud deployments and a largely remote workforce.

On responsibility for managing cloud security: 

  • Responsibility for controlling cloud security is not always the same: 35% of respondents said their security operations team managed cloud security, followed by the cloud team (18%), and IT operations (16%).
  • Other teams such as network operations, DevOps and application owners all fell below 10%, showing confusion over exactly who owns public cloud security.

Why does this matter for businesses? 

  • The concerns, challenges and risks of using cloud computing differ from on-premise environments. Cloud providers secure servers and infrastructures, but many breaches occur because of misconfiguration and complexity in hybrid and multi-cloud environments.
  • As cloud adoption continues, so must companies change their approach to securing data and applications while finding and retaining new talent and skills.


Read the full report.