A few years ago, companies were reluctant to adopt cloud computing because they thought a lack of physical access to the network would deprive them of control over their data. A major shift occurred when they understood that, with suitable configuration and security, cloud computing offers serious benefits.
The number of services moving to the cloud is rising particularly due to the popularity of Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS), but data center and attack surface visibility are still among the top concerns in cloud computing, according to the 2018 Cloud Threat Report from Oracle and KPMG. Enterprises must immediately detect errors and weaknesses in cloud service infrastructure, but they are not ready to address the challenges by properly securing the infrastructure which keeps scaling out. 38 percent name this as their main concern, even though as many as 90 percent say more than half of the data they keep in their cloud is sensitive information, so you would expect them to be more prepared.
The top security challenges reported are detecting and reacting to security incidents in the cloud (38%), an overall lack of visibility across their data center and endpoint attack surface (27%), reduced collaboration between security and IT operations teams (26%), a deficiency in unified policies across disparate environments (26%), a shortage in funding for cybersecurity initiatives (26%), no visibility or control over cloud application usage (25%), a lack of skills and qualified staff (23%), no leadership and executive focus on cybersecurity priorities (21%) and no compliance standards (17%).
The broad adoption of cloud services has not only brought benefits such as data security and encryption, regular backups, cost reduction, flexibility and global reach, but also an increased number of cybersecurity threats and challenges, such as cryptojacking, that organizations struggle to solve before they get worse. The more cloud infrastructures scale out, the more issues arise in enforcing precise standards.
In the past year alone, cryptomining attempts have tripled, claims a report from RedLock, while 25 percent reported cryptojacking activity in their infrastructure. According to the Cloud Threat Report, 66 percent of businesses dealt with a critical operations interruption in the last 24 months.
Insider threats are still among the top challenges that enterprises can’t resolve. 82 percent of security professionals are genuinely worried employees do not follow security guidelines, but they plan to increasingly automate security. 47 percent resort to machine learning algorithms to enhance infrastructure security and prevent data breaches, while 41 percent rely on a cloud security architect.
When asked which areas require immediate improvement in security visibility, 30 percent of respondents pointed to identifying software vulnerabilities and identifying non-compliant workload configurations. System level activity audit (27%) and privileged user account activity audit (26%) were also mentioned, as well as an alert system for anomalies in workload activity (26%).
Securing corporate data and cloud computing platforms is a challenge now that EU’s privacy regulation, GDPR, has come into effect. As many as 95 percent of the companies claim their cloud strategies will be significantly influenced by GDPR.