Symantec: Cybersecurity Capabilities Lagging in Cloud Adoption
Cloud adoption is rapidly accelerating, but effective cybersecurity has taken a back seat, prompting a high number of security incidents.
That’s according to Symantec‘s Cloud Security Threat Report, which shows more than half of all enterprise compute workloads have been migrated to the cloud while more than half of enterprises report their organization’s cloud security maturity is not able to keep up with the rapid expansion of cloud apps. Some 1,250 security decision makers were polled globally.
Kevin Haley, Symantec’s director of security response, tells us MSSPs can play a key role for organizations as they transition their businesses to the cloud.
“First, that transition takes a long time, so an organization needs to support both [its] legacy infrastructure while bringing up [its] cloud infrastructure,” he said. “In this hybrid world, risk of a cybersecurity issue is high — and the infrastructure is complex because organizations are using multiple point products and trying to integrate them together on their own. Second, there is a serious shortage of cybersecurity talent, so organizations can’t get the resources they need to protect their business. An MSSP [that] offers a platform with easy integrations … can offer expertise, talent and scalable cybersecurity, while reducing complexity and cost, reducing business risk, and speeding up their response to any cyberthreat.”
Ninety-three percent of respondents report issues with keeping tabs on all cloud workloads. While companies estimate they use approximately 450 cloud apps on average, the actual number is nearly four times higher — more than 1,800. As a result of these immature practices, including poor configuration or failing to use encryption or multifactor authentication (MFA), enterprises are facing an increased risk of insider threats, which is ranked by respondents as the third biggest threat to cloud infrastructure. The report shows 65% of organizations fail to implement MFA in IaaS configurations and 80% don’t use encryption.
With cloud adoption introducing increased complexity in how IT is deployed, IT teams are becoming overtaxed, according to the report. One in four (25%) cloud security alerts goes unaddressed. And while the majority of the security incidents occur at the cloud level, more than half of respondents said they can’t keep up with security incidents. What’s more, 83% feel they do not have processes in place to effectively respond to cloud security incidents.
Nearly one in three employees exhibits risky behavior in the cloud, and Symantec’s data show 85% are not using best security practices. As a result of these risky behaviors, sensitive data is frequently stored improperly in the cloud, making enterprises more susceptible to breach. Ninety-three percent of respondents said oversharing is a problem, estimating that more than one-third of files in the cloud shouldn’t be there. In addition, respondents report users with weak passwords (37%), using poor password practices (34%), using unauthorized cloud apps (36%), and connecting with personal devices (35%) as common risky behavior.
“This loss of control over critical information seems to be rampant in the cloud … highlighting the need for data loss prevention (DLP) technologies that span cloud environments,” Haley said.
Investment in cloud cybersecurity platforms that use automation and AI to supplement visibility and overtaxed human resources is a clear way to automate defenses and enforce data governance principles, according to Symantec. It’s also time to adjust culture and adopt security best practices at a human level.
“One of the most positive takeaways from the report is that we are past the tipping point in the enterprise,” Haley said. “The key stakeholders we surveyed for this report overwhelmingly understand and agree that they have a problem and are taking steps to address it. While the size and scope of the problem can be daunting, it is being tackled head-on as a priority by business and IT leaders. When 93 percent of respondents recognize that they need to enhance their cloud security skills, that understanding will hopefully lead to year-over-year improvement as this challenge is addressed.”