Enterprise cloud adoption outstrips cybersecurity capabilities

A new report suggests that SaaS adoption is outpacing the ability to protect enterprise networks in cloud environments.
Written by Charlie Osborne, Contributing Writer

Enterprise companies are adopting SaaS at a rapid pace but are failing to budget for security solutions to protect the data they hold, research suggests.

On Tuesday, cloud security firm iboss released a white paper documenting the rising adoption rates of software as a service (SaaS) applications, which while often valuable for companies, may also pose a risk when cybersecurity is an afterthought.

The report, titled "Head in the Cloud: Misconceptions Hindering Enterprise Cloud Adoption," claims that 64 percent of US enterprise players believe the pace of SaaS application adoption is "outpacing their cybersecurity capabilities."

In total, 61 percent of enterprise IT staff cite data privacy as a primary concern for the growing adoption of SaaS.

With data breaches now so commonplace, the idea of sensitive, corporate information being leaked from non-secure cloud environments causes IT staff to break out in a cold sweat.


When SaaS is in play, Bring your own device (BYOD) devices and policies, and PCs with varying levels of security updates and firmware can all cause disparity and potential weaknesses for threat actors to exploit.

Security policies which cannot cover employee mobile devices, SaaS access and restrictions, as well as remote working effectively can compromise enterprise security -- especially when employees actively circumvent these policies.

In total, IT employees believe roughly a third of remote or mobile workers actively bypass security policies but according to the survey, closer to half -- 48 percent -- of respondents admitted to this practice.

The reasons for choosing to bypass security policies are varied but include for the purpose of accessing new applications and the avoidance of having to use virtual private networks (VPNs) when working.

Under growing pressure from shadow IT, employees utilizing BYOD, and the growing threat of cyberattacks, 91 percent of IT decision makers agree that they need updated security policies to "operate in a cloud-first environment."

Until new security policies are in place, approximately half of IT decision makers are hesitant to move to fully cloud-based systems.


Responses to: To what extent do you think your organization's security policies need to improve to operate fully in a cloud environment?

In addition, half of the survey respondents said that difficult compliance and regulatory issues are a barrier to cloud service adoption, while 44 percent cite a lack of personnel.

See also: Google says its cloud is getting greener

On average, respondents said that roughly 26 percent of their budget is spent on cloud technologies, but this is expected to grow to approximately 39.4 percent in the next 24 to 36 months.

If corporations are going to utilize SaaS successfully, cybersecurity must be considered at every stage in the process in order to maintain effective use, keep data safe, and avoid costly security breaches which can hammer both reputations and the balance sheet.

"Large organizations are facing many challenges that can be solved with cloud-based cybersecurity solutions, but they are holding back because of avoidable concerns," said Paul Martini, CEO and co-founder of iboss. "Office workers are clearly demanding access to SaaS applications and remote work capabilities; the challenge now is to secure them effectively."

A tour of Iceland's data centers

Previous and related coverage

Editorial standards