IBM: 75% of CISOs Expect Their Cloud Security Budgets to Increase
A new IBM study of nearly 150 chief information security officers (CISOs) revealed 75 percent of these leaders say they expect their cloud security budgets to increase dramatically over the next three to five years.
These expected budget increases correspond to the rising demand for the cloud; the study showed 86 percent of CISOs say their organizations are now moving to the cloud.
IBM researchers, however, also found that 44 percent of CISOs say they expect a major cloud provider to suffer a significant security breach in the future that causes a high percentage of customers to switch providers.
“Organizations are moving to the cloud space. Naturally, as cloud adoption increases, business leaders are laser-focused on ensuring security controls are in place,” IBM Security General Manager Brendan Hannigan wrote in a blog post. “Companies must be able to extend their security controls from the enterprise to the cloud without adding complexity. Cloud-native services must be integrated with enterprise security solutions. The cloud should be leveraged to deliver security services.”
An IBM spokesperson told MSPmentor that the full results of the company’s CISO study will be released next month.
How can MSPs manage cloud security risks?
While IBM found that many CISOs are concerned about cloud security, recent research shows more organizations have made cloud security a top priority over the past few years.
An April 2014 Ponemon Institute and Thales e-Security study of 4,275 business and IT managers revealed the percentage of respondents who are knowledgeable about the security practices of cloud providers increased from 29 percent in 2011 to 35 percent in 2013.
Researchers also discovered the percentage of respondents who are less likely to believe that cloud services decrease their organizations’ security posture fell from 39 percent in 2011 to 34 percent in 2013, and organizations’ use of encryption for data in the cloud appears to be increasing as well.
So how can managed service providers (MSPs) protect their customers against cloud security risks? Hannigan offered the following recommendations:
- Manage access — Ensure only authorized users can access cloud-hosted applications.
- Protect data — Identify and monitor data at all times.
- Gain visibility — Learn about cloud security threats to manage and eliminate these issues.
- Optimize security operations — Modern security practices must take into account IT’s shift to the cloud.
“Now, as businesses move into the cloud, they can no longer rely on their old ‘bridge-and-moat’ solutions to keep the bad guys out,” an IBM spokesperson added. “As we move into the cloud, businesses must have a single line of sight into their whole business so they can identify potential security events, assess threat levels and have the capabilities in place to respond quickly.”