Cloud Security Lacking as Migration Accelerates
Organizations are moving workloads and data into the cloud, giving them increased productivity and flexibility, but increasing the likelihood of data leakage where proper cloud security is not employed.
That’s according to the Guardians of the Cloud report by Bitglass, a next-generation cloud access security broker (CASB) provider. In partnership with Holger, Bitglass surveyed IT professionals to uncover the state of enterprise security in the cloud.
Jacob Serpa, Bitglass’ senior product marketing manager, tells us that organizations are quickly realizing that securing data in the cloud requires very different tactics and tools compared to securing data on-premises, and many may turn to MSSPs for assistance and guidance.
“Data from this report indicates that companies are lagging in deploying even basic cloud security solutions like single sign-on and data loss prevention,” he said. “Additionally, as 66% of respondents said that traditional security tools don’t work or have limited functionality in the cloud, adopting appropriate cloud security solutions becomes even more critical. Fortunately, CASBs can provide many of the essential security capabilities required to operate safely in the cloud.”
Despite a change in their order, the top priorities from 2018 remained top priorities in 2019 in the respective order of: defending against malware, reaching regulatory compliance, securing major apps in use, preventing cloud misconfigurations, securing mobile and discovering unsanctioned apps in use.
Among key findings:
- 93% of respondents are at least moderately concerned about the security of the cloud.
- The use of CASBs for malware protection has increased from 20% in 2018 to 31% today. Forty-five percent of respondents store customer data in the cloud, 42% store employee data in the cloud and 24% store intellectual property in the cloud.
- Cost is the leading concern for organizations evaluating cloud security providers. Other critical concerns include ease of deployment (46%), whether the solution is cloud native (45%), the ease with which cross-cloud security policies can be enforced (36%) and the solution’s ability to integrate with various cloud platforms (36%).
“We were surprised that securing mobile devices wasn’t higher on the list of priorities for organizations; it remained in fifth place in both 2018 and 2019,” Serpa said. “This is surprising because another recent Bitglass report found that 85 percent of companies now enable BYOD.”
The costs that ensue after a data leak or breach are “far heftier” than the price of investing in appropriate cybersecurity solutions and implementing a proactive strategy to protect data in today’s cloud-first world, he said.
“Successfully defending against threats requires organizations to utilize a three-pronged strategy that encompasses devices (endpoint protection), the corporate network (secure web gateways) and the cloud,” he said. “While a few cloud apps provide some built-in malware protections, most do not. As such, a combination of tools is necessary. Fortunately the use of CASBs for malware protection has increased. Despite this, CASB adoption rates must continue to accelerate if organizations are going to keep up with the growing dangers of malware.”
“Frequent breaches in the news suggest that many companies are not prioritizing security to the degree that they should,” said Rich Campagna, Bitglass’ chief marketing officer. “While some enterprises are prioritizing cloud security, many still need to rethink their approach to protecting data. Fortunately, there are cloud security solutions that can make the task incredibly simple.”