Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:43 PM
Connect Directly

Microsoft: SMB Cloud Security, Privacy Concerns A Matter Of Perception

Survey finds some SMBs afraid of going to the cloud for security reasons -- and other SMBs loving the cloud for security reasons

What keeps one small to midsize business (SMB) away from cloud computing keeps another SMB sold on it: security.

A new blind survey conducted by comScore and commissioned by Microsoft shows that security is the No. 1 deterrent for SMBs that are forgoing the cloud, and also the biggest payoff for those that are adopting cloud services. Sixty percent of SMBs in the U.S. that don't use cloud services point to data security as a top reason for not going there, while 94 percent of SMBs that subscribe to cloud services say cloud gave them security features they didn't have pre-cloud. Around 50 percent of them also say cloud gives them better security.

"Many of these SMBs are more concerned about cloud security than they should be. We know this because we are [also] talking to people who use the cloud," says Tim Rains, director of Trustworthy Computing at Microsoft. "What we're trying to do by sharing these findings is to help bridge the cloud perception gap -- the perception on security, privacy, and reliability, which have been barriers."

The survey, which polled around 100 SMBs with cloud and 100 without, also found that 45 percent of SMBs who don't use cloud services say they are worried about losing control of data in the cloud, and 42 percent haven't gone cloud due to concerns about reliability. Nearly 40 percent say compliance is holding them back from cloud. The SMB survey respondents had anywhere from 25 to 499 PCs in their organizations.

More than 90 percent of SMBs that have adopted one or more cloud services -- data storage, email/calendar, online productivity, customer relationship management, database service, application hosting/management, management/securing computers, enterprise resource management, or computing capacity for running application code -- say cloud providers made it easier for them to meet compliance, and 55 percent have reduced the time they spend managing security now that they use cloud services. Some 62 percent say their privacy protection has improved, and nearly half are confident in their cloud provider's ability to manage data privacy.

Reliability also got high scores: Ninety-six percent of SMBs using cloud services say they are confident of restoration in the event of an outage, and 73 percent are more confident in "the integrity" of their data in the cloud.

Microsoft's Rains says the survey demonstrates misconceptions about security, privacy, and reliability of cloud services. "When they embrace cloud, they found the benefits outweigh their concerns," he says. "Those with business applications in the cloud had better service availability and support during outages than their non-cloud counterparts."

Time was another win for SMBs in the cloud, according to the survey: Fifty percent say they were able to pursue other projects because they were spending less time managing security.

"We wanted to better understand the perceptions of cloud small businesses have ... from those who have not deployed cloud from a security and reliability [perspective] and compare with those similar companies with real experience who have adopted the cloud," Rains says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.