The survey also found that 61% of organizations -- compared with 53% in a similar survey conducted last year -- said they have limited, at best, knowledge of which systems and applications employees are accessing. Furthermore, 16% suspect that their cloud applications are being inappropriately accessed, but said they don't know how to identify unauthorized users.
Not surprisingly, while last year 58% of organizations weren't confident that they could prevent terminated employees from accessing one or more IT systems, this year that statistic increased to 64%.
Account access oversights make it difficult to ensure that only authorized personnel have access to sensitive information stored in the cloud. In addition, said Courion, lack of oversight also increases the threat from so-called zombie accounts -- "accounts that remain active after employees have left the company or changed roles." Zombie accounts increase the risk of data theft, either by malicious insiders or former employees, or else by outside attackers who manage to break into the account.
Another way in which cloud security often lacks oversight: 78% of respondents said there is no "single party" responsible for ensuring that business data in the cloud remains secured, and many are unclear on who should assume that role. Roughly two-thirds of respondents think both customers and cloud application providers are responsible for security, but 13% aren't sure where the ultimate responsibility should lie.
From a risk standpoint, companies are split on which is the bigger threat: inside attackers or external cybercriminals. This year, 57% of respondents said that their biggest security concerns involved external IT threats, up slightly from 54% last year.