Protecting sensitive data in the cloud is a big concern among organizations, with more than one in four (26 percent) citing a lack of unified policies across disparate infrastructure as a top challenge.

That’s according to the Oracle and KPMG Cloud Threat Report, 2018. The survey of 450 global IT professionals shows that organizations are struggling to protect their data amid a growing number of security breaches. Ninety percent of information-security professionals classify more than half of their cloud data as sensitive, and while 97 percent have defined cloud-approval policies, 82 percent are concerned about employees following these policies.

Oracle’s Greg Jensen

Greg Jensen, senior principal director of security in Oracle’s cloud business group, tells Channel Partners the shift to agile applications in the hybrid cloud are taxing current security methodologies as organizations see an increase in events, users and alerts from a wider array of sources.

“Respondents come from a wide array of organizations, from SMBs to large enterprises across 21 industries,” he said. “A sample size this diverse provides a clear picture for partners and customers to see how organizations similar to their own are impacted and how each are responding to challenges. It also offers channel partners an opportunity to examine and discuss key motivations driving change inside businesses today, and open up a consultative discussion around how partners and customers can work together to enable a successful move to cloud.”

For enterprises storing sensitive data in the cloud, an enhanced security strategy is key to monitoring and protecting that data, according to the survey. Some 40 percent of respondents said detecting and responding to cloud-security incidents is now their top cybersecurity challenge. To address this challenge, four in 10 companies have hired dedicated cloud security architects, while 84 percent are committed to using more automation to effectively defend against sophisticated attackers.

“While the report highlights the dramatic growth of cloud usage, and how 87 percent describe their organizations as operating under a ‘cloud first’ culture, there were surprises,” Jensen said. “Most notable was that only 43 percent were able to correctly identify the separation of responsibilities between themselves and their cloud service provider. This is an education opportunity and the channel can help customers develop a clearer understanding of the ‘shared responsibility’ model.”

Only 14 percent of respondents are able to effectively analyze and respond to the vast majority (75-100 percent) of their security event data. Some 89 percent expect their organization to increase cybersecurity investments in the next fiscal year.

The EU General Data Protection Regulation (GDPR) will impact cloud strategies and service-provider choices, according to 95 percent of respondents who must comply.

In terms of how partners can help organizations with their cloud data-security challenges, Jensen said the best place to start is with a complete look at people, process and technology, and how the channel can enable a more security-positive engagement around each.

“For people, the report highlights that the No. 1 area for cyber spending is around end-user security training,” he said. “For process, 36 percent of respondents are challenged with multiple identity repositories and no central identity and access management (IAM) strategy. For technology, 66 percent cited the need for adaptive multi-factor authentication (MFA) upon detection of an anomaly. So clearly there are ways channel partners can support all of these fronts.”

“The pace of innovation and change in business strategies today necessitate flexible, cost-effective, cloud-based solutions,” said Tony Buffomante, KPMG’s U.S. leader of cybersecurity services. “As many organizations migrate to cloud services, it is critical that their business and security objectives align, and that they establish rigorous controls of their own, versus solely relying on the cybersecurity measures provided by the cloud vendor.”