<!-- show content if JS disabled --> <style> .delay-enter { opacity: 1 !important; } </style>

Security benefits are driving cloud adoption, new research shows

Written by Rob Sadowski

The constant stream of high-profile breaches sends a clear and urgent message: Today’s companies can’t afford to put customer information and other sensitive data at risk. Against this backdrop, cloud technology has emerged as one of the best ways to address some of the increasingly complex challenges of IT security.

We’ve held this view for quite some time at Google Cloud, and now it’s clear that a growing number of IT leaders and security experts share our opinion. Research shows that organizations are turning to the cloud not only because it’s cheaper, faster, and more flexible, but also because moving to the cloud can enhance security. In fact, increased confidence in cloud security served as a key driver of cloud adoption for more than 40 percent of the IT decision-makers recently surveyed by MIT SMR Custom Studio.

For a deeper understanding of how cloud can solve some of the biggest security problems that businesses face, we worked with the McKinsey Global Institute to conduct nearly 100 in-depth interviews with security professionals at global companies with more than $1 billion in revenue. Below, find out how they’re using cloud tools to help protect their customers and shore up their defenses across seven key areas of modern IT security. Respondent and company names have been anonymized to protect their privacy.

Data security

The challenge:

A vital safeguard against would-be attackers — encryption of data when it’s stored on a server or moving from one location to another — can be difficult and expensive to enforce on premises, especially at scale. But this layer of security is essential: Failure to encrypt sensitive customer data puts organizations at risk for damaging breaches.

How cloud can help solve it:

Cloud providers like Google Cloud encrypt customer content by default, allowing businesses to protect their sensitive data in the cloud. Many of the security professionals interviewed noted that encryption at rest is much easier to implement in the cloud, which helps explain why roughly 10 percent more enterprises encrypt data at rest in the cloud compared to data at rest on premises, according to the research.

If the data is on a cloud service provider’s infrastructure, we use their encryption services. It’s easier to manage that way.

CISO of a healthcare company

Perimeter and network security

The challenge:

Distributed denial-of-service (DDoS) attacks are becoming more prevalent and damaging, costing affected businesses more than $2.5 million on average annually. In an on-premises environment, large-scale assaults can easily overwhelm a target company’s entire infrastructure, disrupting critical services and applications for hours or even days.

How cloud can help solve it:

Major cloud providers’ globally distributed data center networks can help thwart or absorb large DDoS attacks thanks to their massive scale and multiple layers of defense, respondents said. Additional features can also help to improve resilience, such as load balancing and autoscaling.

The way things are moving with distributed denial-of-service (DDoS) and some of the cyberattacks, having our infrastructure in the cloud just makes things easier for us due to scalability of our cloud provider’s footprint.

CISO of an insurance company

Application security

The challenge:

In an on-premises environment, IT teams maintain software and operating systems by regularly installing updates and security patches. These routine tasks require time and effort, preventing employees from engaging in more valuable and strategic activities — but that’s not the only problem. When businesses fail to deploy updates promptly and consistently, they remain vulnerable to attacks. In fact, unpatched vulnerabilities are the leading cause of exposure to data breaches and cyber threats, research shows.

How cloud can help solve it:

When businesses use cloud software and services, many cloud providers take over the responsibility of rolling out updates and patches, often without any downtime. Not only does this ease the burden on IT staff, but it also improves security by helping to ensure that security vulnerabilities are quickly and thoroughly addressed, respondents said.

Because patches can be rolled out automatically, we aren’t in constant catch-up mode and we have the assurance that we are on the latest and greatest.

CISO in the payments industry

Mobile device security

The challenge:

Sixty-one percent of global information workers who use smartphones for work personally own those smartphones in 2017, compared to 56 percent in 2016, according to Forrester. Meanwhile, the percentage of Americans who say they’ve worked remotely has quadrupled since 1995, Gallup has found. Both of these trends have heightened concerns about the security of mobile devices. While on-premises solutions for managing, securing, and monitoring employee- and company-owned devices do exist, they often require businesses to perform manual upgrades and test each new release.

How cloud can help solve it:

Cloud-based mobile device management (MDM) tools offer a central hub for overseeing employees’ smartphones and tablets. They allow administrators to enforce policies and take actions to protect corporate data, like remotely wiping a stolen or lost phone. According to the research, cloud solutions have a distinct advantage over on-premises MDM software: Updates happen automatically, granting businesses access to the latest version and most advanced features with minimal effort from their IT team.

With a cloud-based MDM solution, we don’t have to worry about the challenge of upgrading and testing each new release, which tended to hold us back from being able to support the newest and latest features as they are introduced.

Head of IT portfolio management for a professional services company

Operational monitoring and response

The challenge:

As hybrid and multi-cloud environments become the norm, on-premises monitoring solutions aren’t always capable of quickly aggregating and analyzing an increasing volume of logs and metrics from multiple sources. This means that businesses may not notice suspicious patterns or receive timely alerts about unusual activity.

How cloud can help solve it:

According to the research, many businesses are using cloud-native monitoring and reporting tools to gather various signals from across their entire environment, gaining a bird’s-eye view of all their assets. Other cited benefits include integration with advanced data tools, which makes it easy to get insights in real time, and cloud storage for log data, which means that businesses don’t have to worry about running out of space. It’s also worth noting that most large cloud providers have the computational power to analyze that data much faster.

The sheer volume of diagnostic and event information that we can get from cloud providers is quite amazing … It is more thorough and complete than anything in an on-premises environment.

CISO of a higher education institution

Compliance and governance

The challenge:

Most businesses are subject to complex government and industry regulations and must verify their compliance through independent audits of data safety, privacy, and security controls. These organizations devote substantial money, time,  and effort to meeting regulatory requirements, proving that they’re doing so, and adapting to changing standards. Achieving or maintaining regulatory compliance is a top priority for nearly 50 percent of enterprise security professionals in 2017, according to Forrester.

How cloud can help solve it:

Major cloud providers routinely undergo third-party audits of all data centers, infrastructure, and operations. Businesses that use these services to meet their regulatory requirements report significant savings in terms of both time and money, according to the research.

I enjoy that cloud service providers have all the certifications that I need. It’s easier to outsource than to build the capabilities in-house.

CISO of a home loans company

Now more than ever, a company’s survival depends on its ability to keep data safe. Every business needs a powerful, sophisticated, and agile force to help guard it against the next headline-making attack. We believe — and this research helps confirm — that the cloud is a big part of the solution.

Rob Sadowski - cropped

Written by Rob Sadowski

Rob Sadowski is Trust & Security Marketing Lead for Google Cloud, with responsibilities spanning platforms, apps, and connected devices.