Companies continue to move business critical workloads and their most sensitive data to the cloud. Yet, security challenges remain, according to the second annual Oracle and KPMG Cloud Threat Report 2019. It found that 72 percent of respondents feel public clouds, such as Amazon AWS, are safer than their data center; consequently, they are moving their data to the cloud. However, visibility gaps remain that can make it hard for businesses to understand where and how their critical data is handled in the cloud.
The survey also found a projected 3.5 times increase in the number of organizations with more than half of their data in the cloud from 2018 to 2020. 71 percent of organizations indicated that a majority of this cloud data is sensitive, up from 50 percent last year. However, the vast majority (92 percent) expressed concerns about employees not following cloud policies that protect this data.
The Oracle and KPMG report found that the mission-critical nature of cloud services has made cloud security a strategic imperative. Cloud services are no longer nice-to-have tertiary elements of IT—they serve core functions essential to all aspects of business operations. The 2019 report identified several key areas where the use of cloud service can present security challenges for many organizations.
Challenges defined by KPMG and Oracle
- Confusion about the shared responsibility security model has resulted in cybersecurity incidents. Eighty-two percent of cloud users have experienced security events due to confusion over the shared responsibility model. 91 percent have formal methodologies for cloud usage. 71 percent, however, are confident that employees are violating these policies. This leads to instances of malware and data compromise.
- CISOs are too often on the cloud security sidelines. Ninety percent of CISOs surveyed are confused about their role in securing a Software as a Service (SaaS) versus the cloud service provider environment.
- Visibility remains the top security challenge. The top security challenge identified in the survey is detecting and reacting to security incidents in the cloud, with 38 percent of respondents naming it as their top challenge today. Thirty percent cited the inability of existing network security controls to provide visibility into cloud-resident server workloads as a security challenge.
- Rogue cloud application use and lack of security controls put data at risk. Ninety-three percent of respondents indicated they are still dealing with “shadow IT”—in which employees use unsanctioned personal devices and storage or file share software for corporate data. Half of organizations cited lack of security controls and misconfigurations as common reasons for fraud and data exposures. Twenty-six percent of organizations cited unauthorized use of cloud services as their biggest cybersecurity challenge today.
Need for coordinated security strategy
“The world’s most important workloads are moving to the cloud; consequently heightening the need for a coordinated, integrated and layered security strategy,” said Kyle York, Oracle. “Starting with a cloud platform built for security and applying AI to safeguard data while also removing the burden of administrative tasks and patching removes complexity and helps organizations safeguard their most critical asset—their data.”
“Organizations continue to transition their cyber security thinking from risk management to business innovation and growth. Therefore, it is important that enterprises align their business and security strategies,” said Tony Buffomante, KPMG. “With cloud services becoming an integral part of business operations, there is an intensified need to improve the security of the cloud and to integrate cloud security into the organization’s broader strategic risk mitigation plans.”