News Hub

Security teams can’t keep up with pace of cloud adoption, research finds

Written by Tue 25 Jun 2019

93 percent of IT decision makers report difficulties keeping tabs on cloud workloads

As cloud rapidly becomes the norm, cloud security should be rising up the organisation’s list of security concerns. But new research shows that firms are leaving their security teams behind in their eagerness to migrate workloads to the cloud.

The research, released by security company Symantec, surveyed 1250 IT decision makers across 11 countries and revealed cloud security to be in a sorry state; due to outdated security practices, overworked staff and dangerous employee behaviour.

The decision makers surveyed work for companies that have moved over half (53 percent) of all their compute to the cloud. A similar amount (54 percent) said that their cloud security is lacking.

Immature practices

The main issue affecting security teams is that they rely on outdated security practices. Almost three quarters (73 percent) of respondents reported experiencing a security incident due to immature practices.

Put simply: Security teams are being overwhelmed by the speed of cloud adoption, translating into a worrying lack of visibility into their organisations’ cloud portfolios. Staggeringly, 93 percent reported issues with keeping tabs on all cloud workloads.

This is alarming as any cloud app is a potential attack vector, meaning security teams are in the dark about the threats to their organisation and essentially cannot do their job.

Symantec found a huge discrepancy between the amount of cloud apps companies think they are using compared to what they actually use. Firms estimate they use 452 cloud apps on average, when actually they are using four times as many (1,807).

Likewise, companies utilising cloud infrastructure are not employing standard security practices, such as encryption or multifactor authentication (MFA), leaving them prone to insider threats. 65 percent of organisations are not implementing MFA in IaaS configurations and 80 percent don’t use encryption.

Cloud complexity

The increased diversification of IT deployments – public, private, hybrid – is also giving security teams headaches about where data needs to be secured. It’s not surprising, therefore, that respondents said 25 percent of cloud security alerts go unaddressed.

Employees making use of cloud services are guilty of “rampant” risky behaviour, Symantec added. 85 percent are not using best security practices, including migrating files that should not be there, using weak passwords, failing to refresh old passwords, using apps without IT teams’ permission and connecting personal devices without alerting IT.

“Data breaches can have a clear impact on enterprises’ bottom line, and security teams are desperate to prevent them,” said Nico Popp, senior vice president, Cloud & Information Protection, Symantec.

“However, our 2019 CSTR shows it’s not the underlying cloud technology that has exacerbated the data breach problem – it’s the immature security practices, overtaxed IT staff and risky end-user behavior surrounding cloud adoption.”

Written by Tue 25 Jun 2019


cloud security Symantec
Send us a correction Send us a news tip