Oracle and KPMG have conducted a study which revealed that although organizations are moving their business critical workloads and sensitive data to cloud, yet security challenges remain. The study titled Oracle and KPMG Cloud Threat Report 2019, found that 72% of respondents feel the public cloud is more secure than what they can deliver in their own data center and are moving data to the cloud.
Inspite of this greater visibility gaps remain that can make it hard for businesses to understand where and how their critical data is handled in the cloud.
The survey also found a projected 3.5 times increase in the number of organizations with more than 50% of their data in the cloud from 2018 to 2020, and 71% of organizations indicated that a majority of this cloud data is sensitive, up from 50% last year. However, the vast majority 92% noted they are concerned about employees following cloud policies designed to protect this data. The survey also found a projected 3.5 times increase in the number of organizations with more than half of their data in the cloud from 2018 to 2020, and 71% of organizations indicated that a majority of this cloud data is sensitive, up from 50% last year. However, the vast majority 92% noted they are concerned about employees following cloud policies designed to protect this data.
The report found that the mission-critical nature of cloud services has made cloud security a strategic imperative. The 2019 report identified several key areas where the use of cloud service can present security challenges for many organizations.
Confusion about the shared responsibility security model has resulted in cybersecurity incidents. 82% of cloud users have experienced security events due to confusion over the shared responsibility model. While 91% have formal methodologies for cloud usage, 71% are confident these policies are being violated by employees, leading to instances of malware and data compromise.
CISOs are too often on the cloud security sidelines. 90% of CISOs surveyed are confused about their role in securing a Software as a Service (SaaS) versus the cloud service provider environment.
Visibility remains the top security challenge. The top security challenge identified in the survey is detecting and reacting to security incidents in the cloud, with 38% of respondents naming it as their top challenge today. 30% cited the inability of existing network security controls to provide visibility into cloud-resident server workloads as a security challenge.
Rogue cloud application use and lack of security controls put data at risk. 93% of respondents indicated they are still dealing with “shadow IT”—in which employees use unsanctioned personal devices and storage or file share software for corporate data. 50% of organizations cited lack of security controls and misconfigurations as common reasons for fraud and data exposures. 26% of organizations cited unauthorized use of cloud services as their biggest cybersecurity challenge today.
“The world’s most important workloads are moving to the cloud, heightening the need for a coordinated, integrated and layered security strategy,” said Kyle York, VP, Oracle Cloud Infrastructure.
“As organizations continue to transition their cyber security thinking from strictly risk management to more of a focus on business innovation and growth, it is important that enterprise leaders align their business and cyber security strategies,” said Tony Buffomante, U.S. Leader of KPMG LLP’s Cyber Security Services. “With cloud services becoming an integral part of business operations, there is an intensified need to improve the security of the cloud and to integrate cloud security into the organization’s broader strategic risk mitigation plans.”
Additional Key Findings
Automation may improve chronic patching problems: 51% surveyed report patching has delayed IT projects and 89 percent of organizations want to employ an automatic patching strategy.
Machine learning may help decrease threats: 53% are using machine learning to decrease overall cyber security threats, while 48% are using a Multi-factor Authentication (MFA) solution to automatically trigger a second factor of authentication upon detecting anomalous user behavior.
Supply chain risk: Business-critical services must be contained as supply chain compromise has led to the introduction of malware in 49% of cases, followed by unauthorized access of data in 46% of cases.
Security events continue to increase while shared responsibility confusion expands: Only 1 in 10 organizations can analyze more than 75% of their security event data and 82% of cloud users have experienced security events due to confusion over cloud shared responsibility models.
Cloud adoption has expanded the core-to-edge threat model: An increasingly mobile workforce accessing both on premise and cloud-delivered applications and data dramatically complicates how cybersecurity professionals must think about their risk and exposure.
(Image Courtesy: www.botmetric.com)