Over half of enterprises think security is lagging behind cloud adoption
According to the results of a new survey 54 percent of enterprises think their organization's security is not mature enough to keep up with the rapid expansion of cloud apps.
The study from Symantec of over 1,200 security decision makers around the world shows that 53 percent of all enterprise computing workload has now been migrated to the cloud, but 93 percent of respondents report issues with keeping tabs on all their cloud workloads.
The research finds that while companies estimate they use 452 cloud apps on average, the actual number is nearly four times higher, at 1,807. This combined with immature practices, including poor configuration or failing to use encryption or multi-factor authentication means enterprises are facing an increased risk of insider threats. The data shows that 65 percent of organizations fail to implement MFA in IaaS configurations and 80 percent don’t use encryption
"The adoption of new technology has almost always led to gaps in security, but we've found the gap created by cloud computing poses a greater risk than we realize, given the troves of sensitive and business-critical data stored in the cloud. In fact, our research shows that 69 percent of organizations believe their data is already on the Dark Web for sale and fear an increased risk of data breaches due to their move to cloud," says Nico Popp, senior vice president, Cloud and Information Protection at Symantec. "Data breaches can have a clear impact on enterprises' bottom line, and security teams are desperate to prevent them. However, our 2019 CSTR shows it's not the underlying cloud technology that has exacerbated the data breach problem -- it's the immature security practices, overtaxed IT staff and risky end-user behavior surrounding cloud adoption.2
The report data shows 25 percent of cloud security alerts go unaddressed. A majority (64 percent) of security incidents occur at the cloud level, and more than half of respondents admit they can't keep up with security incidents. What's more, 83 percent feel they don't have processes in place to be effective in acting on cloud security incidents.
Risky behavior in the cloud is an issue too. 93 percent of respondents say oversharing is a problem, estimating that more than a third of files in the cloud shouldn't be there. Additionally, the cloud is not immune to the same risky behavior that has plagued past technologies -- respondents report users with weak passwords (37 percent), using poor password hygiene (34 percent), using unauthorized cloud apps (36 percent), and connecting with personal devices (35 percent).
You can find out more about the report on the Symantec blog.