Security firm Network Box is warning firms that cloud services should not replace onsite security.
The firm said in its Guide to Cloud Security (PDF) that enterprise users should not be lulled into a false sense of security as they take on cloud packages, and should carefully consider how and when they are adopted.
Network Box outlined how companies should approach cloud security, recommending that a number of elements are considered before any moves are made.
The cloud has an important part to play in security, but could be insufficient in areas such as firewalls, intrusion detection and prevention, and device security, the firm said.
However, the company added that there are areas where the cloud could provide adequate security.
Areas that Network Box said offer "effective security" are email, such as anti-virus and spam and phishing tools, encryption and archiving. As well as this, the firm said that web cleansing and filtering tools are adequate in the protection they offer.
However, Network Box added that key security elements, such as firewalls and intrusion detection, are best served by onsite security systems and software. This also applies to device management and VPNs, remote access, network and software updates and secure data routing.
"The cloud is growing in importance. It's an important part of most companies' security strategies," said Simon Heron, internet security analyst at Network Box.
"But security these days is about more than email and web filtering. It's important that the cloud is used as part of the mix. Unfortunately it cannot be the complete solution."
A nuclear strike has been considered, but Bruce Willis is nowhere in sight
Spray-on antenna could enable seamless integration of antennas with everyday objects
Parker Solar Probe, TESS and GOLD missions will deliver exciting data, claims NASA
But deep learning pulls ahead for complex tasks