A full 43% of IT professionals said they find it difficult to secure data in the cloud.

That’s according to a Lieberman Software survey, which also found that 73% of respondents said they prefer to keep their sensitive corporate data on premises, rather than in the cloud.

“The cloud is ideal for businesses that need a cost effective, scalable and flexible means to transform their IT environments,” said Philip Lieberman, president and CEO of Lieberman Software. “Yet, IT professionals are still reluctant to put sensitive data in the cloud because they say it is difficult to secure. What organizations need to understand is that the same security problems they face on premises follow them into the cloud. Migrating to the cloud doesn’t mean they face any more or less security risk than keeping data on premises.”

The study also indicates some birthing pains, as it were: The majority (90%) said the cloud is forcing them to learn new skills. And, one in three (33%) think the cloud will be the end of the traditional IT security team.

User behavior isn’t shifting quickly enough however. Attackers use the same automated cyber-attacks on physical systems that they do on cloud-hosted systems. Yet 43% of survey respondents said that they do not change their credentials in the cloud as frequently as they do on premises.

To succeed—whether inside the cloud or not—attackers need credentials. To gain these credentials, cyber-criminals use tactics such as spear phishing and social engineering to circumvent traditional perimeter defenses like firewalls. Once inside the network, the attackers look for privileged credentials that allow them to move between systems and steal sensitive data.

“A security solution that provides unique and frequently changing credentials for each privileged account ensures that even if an intruder steals a password, it is time-limited and cannot be used to jump from system to system on the network,” Lieberman said. “And if this solution can be deployed in a cloud or hybrid environment, while also securing the credentials that underpin the administration of cloud portals themselves, we will see confidence in cloud security rise.”

Source: www.infosecurity-magazine.com