Organizations are deploying cloud-based applications faster than they can secure them, according to the 2018 Enterprise Cloud Trends report, a survey of 200 IT decision-makers in U.S. corporations with at least 500 employees.

The report, commissioned by IT company iboss, found that the move to cloud-based applications is set to increase in the months and years to come. While an average of only 21 percent of respondents' applications are currently cloud-based, respondents expect that to rise to 28 percent over the next year and 33 percent over the next one to two years.

What's more, though organizations currently spend an average of 26 percent of their IT budget on cloud applications, respondents also expect that to rise to 31 percent over the next year, and 39 percent over the next two years.

Most organizations are able to handle the technical challenges of moving to cloud-based solutions, with 83 percent of IT decision-makers noting they were comfortable with supporting the change. But while they can support cloud applications, securing them is another story. Almost two-thirds, 64 percent, said their organizations' adoption of cloud-based applications is outpacing their ability to properly secure them.

So why are companies moving to cloud-based apps faster than they can potentially secure them? For most, it's about capital. Fifty-five percent of respondents cited cost-savings as the biggest benefit they experience from moving to cloud-based applications, while 54 percent also cited increased revenue.

What's more, almost half, 49 percent, of IT decision-makers said they will make all of their investment back from a cloud-based application, while 35 percent pegged their return on investment (ROI) at 150 percent, and 15 percent expected to double their investment.
To be sure, there are a number of potential security issues facing cloud application deployments, including the prospect of sensitive data being uploaded to, or accessed through, cloud services.

“Employees may not know that they're not allowed to upload [sensitive data] into their sanctioned cloud storage app and cause a compliance violation, or they may share confidential client documents through an unsanctioned app that isn't secure and trigger a violation that way,” Jervis Hui, product marketing manager at Netskope, previously told Legatech News.

Implementing strict access control on all cloud applications, therefore, is pivotal to a company's compliance and security needs. But oftentimes, it is not enough. Given the ability of malware to quickly spread through cloud-connected devices, it is also vital for companies to ensure their cloud provider has significant cybersecurity protocols in place.

However, many will erroneously assume cloud vendors have such security controls in place. “You have this false sense of security when we're using a cloud service provider that they are going to be thinking about security, and oftentimes that is not how it works,” Holly Brady, senior counsel at Altria Client Services, told ALM Media's 2017 cyberSecure conference in New York.

Even large well-known cloud providers, such as Amazon, have experienced breaches in the past. “It seems that not a week goes by that we don't see a headline about an insecure Amazon web service [exploit],” Brady said.

The need for cloud security is essential, given that many organizations use cloud-based apps to store potentially sensitive data. The survey found that almost two-thirds, 63 percent, used or planned to use cloud-based applications for email, while 59 percent used or planned to use them for file sharing, 57 percent for human resources work, and 55 percent for customer relationship management programs.