Cloud security is a top IT budget priority moving into 2019. While in the early days of cloud computing, security concerns preventing many organizations from fully moving their workloads off-premises, today, most companies recognize that the cloud can often be a safe place to move data, applications, and infrastructure, according to a recent report from Forcepoint.

Today, people who trust the public cloud outnumber those who don’t by a ratio of 2-to-1, research from Intel cited in the report found. More than 62% of IT professionals now store their data in the public cloud as well.

More organizations are moving to the cloud for multiple purposes, including security, the Forcepoint report found. Cloud-based security solutions have the potential to offer enhanced security for all employees, including those working remotely, as well as greater scalability and flexibility, security for applications, data, and systems, reduced complexity, ease and speed of deployment, and lower hardware and support costs, the report noted.

SEE: Quick glossary: Hybrid cloud (Tech Pro Research)

However, the gain these advantages, organizations must select the right provider. Here are the five most common misconceptions about cloud-based security infrastructure, and what your business should be looking for in a solution.

Myth #1: Security certifications are only important for compliance teams

Cloud-based security providers should have the requisite certifications, which should be checked by your business before signing a contract, the report said.

“This means that your security team should be looking for certifications as part of their initial vendor selection process,” the report stated. “If a cloud provider can’t supply them, you have no assurance that it’s complying with industry and government security standards. For example, without an ISO 27018 certification, you don’t know whether a provider has controls in place for PII data (which is also a requirement for complying with the General Data Protection Regulation, or GDPR).”

At a minimum, security teams should also look for compliance with CSA STAR, industry-specific regulations, and local regulations in the area where your company does business, the report said.

Myth #2: Cloud provider data centers are always more secure than corporate ones

After the breach of a private data center, cloud service providers like to boast that their infrastructures are more secure. However, this is not necessarily the case, the report noted. Data center security managers must implement controls for data security, including encryption, tokenization, and data loss prevention. A certification from a third-party auditor can also ensure that requirements are met.

SEE: FAQ: What Arm servers on AWS mean for your cloud and data center strategy (TechRepublic)

Myth #3: The more data centers a cloud service provider has, the better the service’s performance and resiliency

The number of data centers has no direct impact on the performance of the cloud service provider, the report stated. For example, Microsoft Azure has just 30 data centers globally, while many other lesser services have hundreds, but can’t match Azure’s performance, it noted.

Myth #4: The security of your cloud service provider does not impact your cybersecurity insurance costs

More companies are investing in cyber insurance, as US insurers earned $1 billion in cyber premiums last year, the report noted. Your company will likely pay a lower cyber insurance premium if your cloud providers can show certifications demonstrating that sensitive data is properly secured.

Myth #5: Compliance is solely driven by external forces

Even when using a cloud security provider, the IT department is still responsible for protecting company assets, and must ensure compliance, the report noted. Businesses must invest the time and resources needed to get compliance policies right and protect information.