Businesses in EMEA are increasing their investment in public cloud, despite ongoing security concerns and a perceived lack of understanding about who is responsible for keeping their data safe, according to the findings of a study of IT decision makers released today by Barracuda Networks, Inc. (NYSE: CUDA), the leader in Cloud-enabled security and data protection solutions.
- 20% of IT budgets are currently being spent on public cloud deployments, with organisations expecting half of their infrastructure to be in the public cloud within two years.
- Less than half (45%) of respondents believe that their public cloud IaaS provider completely successfully offers strong protection when it comes to accessing cloud applications.
- Over half (57%) of respondents claimed they’ve invested in additional security products to protect access to the public cloud, while a further third (37%) said they plan to in the future.
- EMEA businesses are using public cloud for a range of purposes, most popular being data storage (77%) and data recovery (56%), followed by web and app hosting (54%), data analytics (51%), and CRM systems (46%).
- Contrary to the obligations set out in the Shared Responsibility Model, 64% of respondents believe it is the cloud provider’s responsibility to secure data in the cloud, while 61% said the same about applications and 60% about operating systems.
Cloud adoption continues to rise, despite ongoing security concerns
Businesses in EMEA that are using public cloud Infrastructure as a Service (IaaS) claim that nearly 35% of their infrastructure is currently in the cloud, with this expected to rise to half in two years’ time. The UK has the lowest proportion of public cloud in their infrastructure (29%), trailing behind Belgium/Netherlands (41%), France (38%), Austria (35%) and Germany (35%).
Of those businesses that have turned to the public cloud, fewer than half (45%) have confidence that their provider completely successfully offers strong protection of access to applications in the cloud, with a similar proportion reporting the same for having strong protection of applications in the cloud (43%) or strong protection of data in the cloud (41%). What this suggests is that more than half are not completely satisfied by the security offered by their cloud provider, and that this needs to be addressed in order to maintain momentum.
Chris Hill, EMEA director of public cloud business development at Barracuda commented: “Despite the increasing adoption of public cloud across EMEA it’s telling that security concerns continue to loom large. With 77% of respondents claiming to use public cloud to store data such as employee information, business IP and customer bank details the upcoming EU General Data Protection Regulation (GDPR) in May 2018 brings into focus ever more clearly the need to ensure cloud data is properly protected.”
Lack of understanding leading to increased risks
Many IT decision makers seem to be confused over exactly what their responsibilities are when it comes to cloud security, with just 61% across EMEA claimed to fully understand their responsibilities in this area – a figure rising to 69% in Germany and dropping to 51% in Belgium/Netherlands.
More concerning is the fact that almost two thirds of respondents in EMEA (64%) believe it is the cloud provider’s responsibility to secure data in the cloud, while 61% said the same about applications and 60% about operating systems. This highlights a worrying lack of understanding of the Shared Responsibility Model, a key stipulation of most cloud provider agreements, under which they secure basic infrastructure components like compute, storage, database and networking, as well as the physical site whilst it is the customer’s obligation to secure their data, apps, OS and other software elements running in the cloud.
Despite this perceived lack of awareness of the risk, it’s encouraging to see that businesses in EMEA are taking measures to put extra protection in place. Over half (57%) of respondents claimed that they’ve invested in additional security products to safeguard access to the public cloud, while a further third (37%) said they plan to do so in the future. Those in Belgium/Netherlands were most likely to have added security (70%), while UK organisations were least likely (43%).
“It’s clear from this research that the public cloud remains a hugely attractive prospect, yet migrating sensitive business applications can be a complicated process which creates new security requirements,” continues Chris Hill. “Against the backdrop of ever more prevalent and damaging online threats facing organisations, it’s natural to see security remain a challenge. We’ve listened to this concern, and recently announced new benefits to Barracuda’s Cloud Ready program — offering any organisation a free 90-day cloud licence for Barracuda Web Application Firewall and Barracuda NextGen Firewall on Amazon Web Services (AWS) and Microsoft Azure (Azure).”