News Hub

UK organisations struggling with cloud security responsibilities

Written by Wed 27 Nov 2019

Confusion around who is “ultimately responsible” for data security in the cloud

Although UK organisations are increasingly moving sensitive data to the cloud, IT staff and employees are failing to define cloud security responsibilities, a new report suggests.

Cyber security company McAfee surveyed 1310 IT staff and 755 employees in businesses with over 250 employees across Europe to understand how cloud adoption is progressing and how well organisations are dealing with cloud security concerns.

In the UK, there is significant confusion around who is ultimately responsible for ensuring data security in the cloud, with some believing responsibility lies with the C-suite and others thinking that the buck stops with IT managers.

14 percent believe ultimate responsibility lies with the CEO, with 19 percent pointing to the CIO and 5 percent to the CISO. By comparison, over one-third (34 percent) reckon IT managers are ultimately responsible.

Despite this uncertainty, UK organisations are increasingly reliant (45 percent) on the cloud to store business-critical or sensitive data. Interestingly, the figure is higher in Germany — a nation considered more data and cloud cautious than others in Europe.

Another security concern is the high number of employees adding cloud apps to their toolkits without first receiving approval from the IT department. One-fifth of employees admit to the practice, and even more alarmingly, senior IT staff are ignorant about the prevalence of “shadow IT” in their organisations. One-fifth (21 percent) think just 5 percent of end users are using non-sanctioned cloud services.

UK organisations clearly have a lot to improve from a security standpoint if cloud adoption proceeds at its current pace. 40 percent of large UK businesses expect to be cloud-only by 2021. In France and Germany, organisations have more confidence in their future cloud uptake. 42 percent of French organisations expect to be cloud-only by 2021, with two-thirds (68 percent) expecting to see this progress in Germany.

Commenting on the report, Nigel Hawthorn, director, EMEA cloud security business, McAfee, said leaps in cloud adoption could lead to “serious security lapses if not handled correctly.”

“The key to security in a cloud-first environment is knowing where and how data is being used, shared and stored by employees, contractors and other third parties,” he said.

“When sensitive corporate data is under the IT team’s control – whether in collaboration tools or SaaS and IaaS applications – organisations can ensure the right policies and safeguards are in place to protect data from device to cloud, detect malicious activity and correct any threats quickly as soon as they arise.”

Written by Wed 27 Nov 2019


Send us a correction Send us a news tip