Among organizations that keep data in the public cloud, as many as one in four has experienced data theft there, according to a new survey from McAfee.
This shouldn't come as a huge surprise to anyone keeping track of the countless headlines regarding unprotected servers. In spite of the risks involved, just about all organizations are plowing ahead with cloud adoption. According to the survey, 97 percent of worldwide IT professionals are using some type of cloud service, whether public, private or both -- that's up from 93 percent a year ago.
McAfee surveyed more than 1,400 IT professionals for the annual cloud adoption and security survey.
The vast majority of those surveyed (83 percent) said their organizations store sensitive data in the public cloud, while 69 percent said they trust the public cloud to keep their sensitive data secure. The common type of sensitive information stored on the public cloud is personal customer information (with 61 percent of respondents reporting they store this type of data there).
There are some signs that organizations are proceeding with cloud adoption more cautiously than they have in the past. One sign, according to McAfee is that the percent of organizations taking a "cloud first" approach to IT dropped from 82 percent to 65 percent.
The McAfee report offers some best practices for organizations, based on the survey findings. For instance, using automation offered by tools such as Chef, Puppet, or Ansible should be fundamental. Additionally, keeping a unified management platform across multiple clouds reduces cost and complexity while improving security.
Meanwhile, the Cloud Security Alliance on Monday issued its own "State of Cloud Security" report. In line with the McAfee survey, the CSA concluded that security is a growing challenge for organizations scrambling to stay competitive on the cloud. Companies should take a stage approach to migrating sensitive data to the cloud, the CSA says.
The group also concludes that new technologies, such as blockchain, containers and microservices, should be studied more to develop secure best practices around them. Additionally, the CSA says, the information security community needs to work collaboratively to share threat intelligence, to keep up with fast-moving adversaries.