With Cloud adoption rates increasing steadily across both official and shadow IT, there's no question we are in the middle of a revolution around how software and services are delivered. This is great news for enterprises seeking the traditional benefits of the cloud, such as faster deployment of applications, flexibility to react to fluctuating demands and lower cost. But has cloud security kept pace with adoption? Comparing recent and past cloud security studies give us a conclusive "maybe."

Cloud Adoption is Real
There's plenty of proof of cloud adoption whether IT sanctioned or not. The Cloud Security Alliance (CSA) study, "Cloud Adoption, Practices and Priorities Survey Report,"shows that 74 percent of executives and IT managers say they are moving "full steam ahead" or "forward with caution" with cloud use, despite security of data being the top barrier to cloud adoption.
That's good news on the adoption front, however that data becomes "clouded" a bite specially from a security view when you see that 72 percent of respondents in the CSA survey said they didn't know the number of cloud shadow IT apps within their organization, but would like to know. That's a 27 percent increase over the 45 percent of U.S. IT respondents who said they were "unaware" of all cloud services used in their organization when polled five years ago in a study CA Technologies did with the Ponemon Institute; it's a 22 percent increase from the follow-on study released by CA and Ponemon in 2013, "Security of Cloud Computing Users.

The Great Cloud Paradox
Despite the adoption, we still see lingering remnants of the great cloud paradox: while many IT leaders are eager to leverage the cloud, there are still those who are uneasy information. Five years ago in the CA/Ponemon study just 41 percent of U.S. respondents believed that cloud services were evaluated for security prior to deployment. In the 2013 study, that number increased to 51 percent. The recent CSA study highlighted that decisions concerning the security of data in the cloud has shifted from the IT room to the boardroom, with 61 percent indicating that executives are now involved in such decisions. That's improvement for sure, but is 61 percent a passing grade? And who's accounting for the security of the shadow cloud services in operation?
Another twist on the paradox is that the economics of cloud computing dictate that its value increases with the number of users. And yet, it's been said that trust doesn't scale the way technology can. Without delving into the psychology of why we are so eager to use a technology we don't fully trust, it remains that security has never been one of those things we should "work out as we go along."
There is, of course, a lot of progress being made in securing the cloud. In fact, cases have been made that certain cloud services and apps are more secure than if delivered on premise. If we look at where companies securing the cloud are focused, we see that email and web security and identity and access management continue to be at the center. Encryption and cloud-based tokenization solutions are gaining momentum as well, although they are more complex.