As more and more organisations migrate their data to the cloud, it’s critical that they simultaneously maintain a robust cybersecurity posture. However, regular news headlines about the latest high-profile data breaches suggest that security simply isn’t as high on the enterprise priority list as it needs to be.
In order to better understand the state of enterprise security in the cloud, Bitglass conducts an annual survey amongst IT and security professionals. Each year, the results identify the key trends and common vulnerabilities that organisations are facing.
Here, Anurag Kahol, CTO, Bitglass, looks at some of the main findings from this year’s survey, compares them to previous years and discusses the implications with respect to both the present and the future.
- The need for robust cloud security is greater than ever
Greater flexibility and productivity are some of the key drivers behind the growing volumes of data that are being stored in the cloud. However, this mass movement can increase the likelihood of data leakage if proper security measures aren’t in place. A closer look at the type of information moving to the cloud demonstrates why this data leakage can be so problematic. A total of 45% of 2019 survey respondents store customer data in the cloud, 42% store employee data and 24% store intellectual property. Obviously, this shows how high the stakes can be in the event of a breach.
- Cloud security is a top concern among organisations
A massive 93% of survey respondents were at least moderately concerned about the security of the cloud – 38% said that they were extremely concerned. Despite this, there is a growing recognition that cloud apps aren’t as much of a risk as they once were. A total of 67% now believe that cloud applications are as secure or more secure than on-premises apps. The main conclusion to be drawn from this is that organisations increasingly recognise that the cloud itself is safe; however, they are struggling to put the processes and tools in place that allow them to properly secure its use from an operational perspective.
- Visibility over cross-app anomalies is worryingly low
Despite the importance of knowing who (or what) is accessing sensitive data, only 20% of organisations have visibility over cross-app anomalous behaviour. Despite a slight increase since last year, it remains worryingly low – particularly in light of the fact that 75% of respondents operate within a multi-cloud environment.
In addition to this issue, the survey showed that corporate visibility over every other category had in fact decreased since 2018. This included user logins (down from 78% in 2018 to 69% in 2019), external sharing (down from 44% to 40%) and DLP policy violations (down from 46% to 38%). This is likely because IT departments are struggling to keep pace with the rapidly growing number of cloud applications and personal devices that are being used to store and process data in the enterprise.
- Most organisations are still not deploying cloud security solutions effectively
Access control (52%) is the most widely used cloud security solution in 2019, closely followed by anti-malware (46%). However, with the ever-growing threat of data breaches and leakages in the cloud, these tools (and others like single sign-on (26%) and data loss prevention (20%) are still not deployed often enough.
Additionally, with 66% of respondents saying that traditional security tools don’t work or have limited functionality in the cloud, adopting appropriate cloud security technology is now known to be essential.
Fortunately, modern solutions such as cloud access security brokers (CASBs) can provide many of these essential capabilities in one solution. This is something that more and more organisations are recognising, driving the adoption of CASBs from 20% in 2018 to 31% today.
- Cost is still the main driving force for those choosing a cloud security provider
Whether for better or for worse, cost remains the leading factor for organisations that are selecting a cloud security provider – more so than other important items associated with better overall implementation and data protection.
In total, 55% of respondents cited cost effectiveness as their main concern. Other options included ease of deployment (46%), whether the solution is cloud native (45%), the ease with which cross-cloud security policies can be enforced (36%) and the solution’s ability to integrate with various cloud platforms (36%).
While cost is a necessary consideration, a cheap but poorly implemented tool will never be as effective as a well-integrated solution that offers high levels of flexibility and control wherever data goes.
In the modern business environment, with data being stored in more places and accessed by more devices than ever before, the need to maintain comprehensive cybersecurity is absolutely critical. While some organisations are now prioritising cloud security, too many are still relying upon traditional, premises-based tools to protect their data in the cloud.
Naturally, this latter approach is inadequate for protecting data that has gone beyond the corporate firewall.
Fortunately, there are a growing number of cloud security solutions that can make things incredibly simple for organisations that are able to change their way of thinking and embrace the latest technology.
For more information, download the full 2019 cloud security report here.