Majority of Companies are ‘Failing’ on Cloud Security
A report from one of the world’s largest cyber security firms, Symantec, is claiming that the majority of companies currently utilising the cloud for data storage are failing to get a proper grasp on the necessary steps to stay secure.
The 2019 Cloud Security Threat Report - which you can access here - took into account feedback and responses from 1250 firms across 11 countries, and shows that the majority of enterprises out there need to take the threat more seriously, according to its authors.
Interestingly enough, the first takeaway from the report is that 53% of organisations that took part in the survey “are forging ahead with cloud deployment,” according to Symantec’s executive summary, while 69% “are still storing some data on premises.” Just 3% have transferred all their work to the cloud, according to the report.
One of the shocking findings of Symantec’s report is that “49% of respondents confirmed their cloud-security manpower is inadequate to deal with all incoming alerts.” Strengthening their findings, Symantec says that nearly three-quarters of those interviewed (73%) said they had experienced issues around their cloud management, lacking vital tools like encryption and two-factor authentication. 83% said that as is, they were lacking the right procedures and policies to effectively manage the security of their data in the cloud.
“A skills and security personnel shortage is the primary culprit: most respondents said they need to enhance Cloud security skills (93%) while 84% confirmed they needed to add staff to close the gap.”
“73% blame immature security practices for at least one cloud incident” - Symantec Executive Summary.
What’s more interesting, however, is that “according to respondents, the average organisation believes its employees are using 452 cloud apps. However, according to Symantec’s own data, the actual number of Shadow IT apps in use per organisation is four times higher, at 1807.”
“The adoption of new technology has almost always led to gaps in security,” said Nico Popp, senior vice president of cloud and information protection at Symantec. “But we’ve found the gap created by cloud computing poses a greater risk than we realise, given the troves of sensitive and business-critical data stored in the cloud.”
“Data breaches can have a clear impact on enterprises’ bottom line, and security teams are desperate to prevent them. However, it’s not the underlying cloud technology that has exacerbated the data breach problem- it’s the immature security practices, overtaxed IT staff and risky end-user behaviour surrounding cloud adoption,” he said.
In closing, Symantec’s executive summary says that “too many companies are not acknowledging the percept gap in cloud security and are vastly underestimating today’s threats.”
“Huge visibility gaps leave organisations in the dark about how much and where data and workloads reside, making it harder to identify and mitigate mounting security threats. Beyond technology, it’s time to recalibrate culture and adopt security best practices at a human level. It’s a combination of both that will ensure the enterprise is sufficiently safeguarded today and more importantly, for tomorrow when it’s anyone’s guess what the future may bring.”