The survey shows a mixed picture when it comes to firms migrating security tools to the cloud. While just over half of respondents (52 percent) began migrating to cloud-based security products during or before 2018, around a fifth (18 percent) waited until 2019, three percent started in 2020, 13 percent have not yet started and the remainder don’t know when they’ll migrate. Of those that have started their migration, over half (58 percent) have migrated at least one quarter of their security tools to the cloud, while one third (33 percent) said more than 50 percent of their security tools are now cloud-based.
Typically, organisations migrate security tools to the cloud to minimise the resources and overhead associated with owning and maintaining on-premises equipment and software. This means security teams can avoid system sizing, maintenance, uptime management, and product upgrades. Reducing engineering effort to deploy and maintain new solutions allows security analysts to complete tasks faster and frees engineers up to focus on other projects.
The survey results support this, with improvements in monitoring and tracking of attacks (29 percent) and reduced maintenance (22 percent) considered the most important gains from using cloud-based security tools. CAPEX reductions (18 percent), faster time to value (17 percent) and access to the latest features (13 percent) are drivers for cloud adoption, but considered less important.
However, when asked what concerns they have about moving security tools to the cloud, data privacy (30 percent) remains high on the list, with unauthorised access (16 percent), server outages (14 percent), integration with other security tools (14 percent), and data sovereignty (13 percent) also being raised.
While 22 percent stated migration to the cloud was not a priority for their organisation, the results suggest a lack of understanding about the migration issue as a whole. Around a third (32 percent) said they did not know what concerns their organisation has about moving security tools to the cloud. Furthermore, despite about a third (32 percent) of respondents saying they consider it to be too difficult or too risky to migrate security tools to the cloud, nearly half said their preference is to migrate legacy products to the cloud (46 percent) rather than replace legacy on-premise products with new cloud-native security tools (54 percent).
Organisations are protecting a variety of data types with cloud-based security tools, with email the most widely protected (22 percent), followed by customer information (21 percent), file-sharing (20 percent) and personnel files (18 percent). However, few organisations (12%) have extended cloud-based security to protecting corporate financial information.
“As organisations modernise their security operations, SaaS solutions are increasingly becoming the deployment model of choice. While the results of this survey show that some security professionals still have concerns, having visibility into cloud services is vital and many organisations are now taking a cloud-first approach to security,” commented Sam Humphries, security strategist, Exabeam.
“We can expect more organisations to migrate their security tools to the cloud this year as security professionals increasingly see the benefits of hosted cloud offerings, which provide the full functionality of traditional on-premise solutions. Added benefits include reduced cost and maintenance issues, as well as eliminating the need to route cloud data to on-premises data centres,” concluded Humphries.