If you think worries about cyber security in the cloud are dissipating as cloud services continue to proliferate, you’re mistaken. IT and security executives remain quite concerned about threats—maybe even more so than in the past.
A report released by research firm Gartner Inc. in August 2018 said cloud computing ranks as the top risk concern for executives in risk, audit, finance, and compliance. A number of new risks, including cyber security disclosure and compliance with the new General Data Protection Regulation (GDPR), make cloud offerings susceptible to unexpected security threats, the report noted.
For Gartner’s latest quarterly Emerging Risks Report, 110 senior executives at large global organizations identified cloud computing as the top concern for the second consecutive quarter. Additional information security risks, such as cyber security disclosure and GDPR compliance, ranked among the top five concerns of the executives surveyed.
Social engineering and GDPR compliance were cited as most likely to cause the greatest enterprise damage if not adequately addressed by risk management leaders, according to the report.
Executives should expect cyber security threats to affect organizations in unpredictable ways, Gartner said. Through 2022, at least 95% of cloud security failures will be the fault of the organization, it said. As more sophisticated tactics such as social engineering are deployed to compromise sensitive data, organizations should expand their cyber security teams to address evolving digital risks.
Organizations are correct to expand cloud services as part of their digital business initiatives, noted Matthew Shinkman, practice leader at Gartner. But they need to ensure their cloud security strategy keeps up with this growth. Leaders need to start by clearly identifying their most at-risk areas, he said.
In another, detailed report released earlier this year, Crowd Research Partners noted that there is a lack of qualified security staff that’s becoming worse even as cloud security concerns rise.
The 2018 Cloud Security Report is based on a comprehensive online survey of cyber security professionals in the 400,000-member Information Security Community on LinkedIn.
While adoption of cloud computing continues to surge, the report said, security concerns are showing no signs of abating. Reversing a multi-year downward trend, nine out of 10 cyber security professionals said they are concerned about cloud security, up 11% from the previous year’s cloud security survey.
The top three cloud security challenges include protecting against data loss and leakage (cited by 67%), threats to data privacy (61%), and breaches of confidentiality (53%).
Misconfiguration of cloud platforms was the number one threat to cloud security, mentioned by 62% of the survey respondents. That was followed by unauthorized access through misuse of employee credentials and improper access controls (55%), and insecure interfaces/APIs (50%).
As more workloads move to the cloud, cyber security professionals are increasingly realizing the complications of protecting these workloads, the report said. The top three security control challenges security operations centers (SOCs) are struggling with are visibility into infrastructure security (43%), compliance (38%), and setting consistent security policies across cloud and on-premises environments (35%).
Only 16% of organizations said the capabilities of traditional security tools are sufficient to manage security across the cloud, a 6% decrease from the previous survey. A large majority (84%) said traditional security solutions either don’t work at all in cloud environments or have only limited functionality.
Cyber security professionals are struggling with gaining visibility into cloud infrastructure security (43%), compliance (38%), and setting consistent security policies across cloud and on-premises environments (35%).
For the second straight year, training and certification of current IT staff (56%) ranked as the most popular path to meet evolving security needs. Half of the respondents use their cloud provider’s security tools, and 35% deploy third-party security software to ensure the proper cloud security controls are implemented.
Encryption of data at rest (64%) and data in motion (54%) topped the list of the most effective cloud security technologies, followed by security information and event management (SIEM) platforms (52%).
At least organizations are spending more on cloud security. According to the survey, nearly half of the organizations (49%) expect cloud security budgets to increase, with a median budget increase of 22%.
“While workloads continue to move into the cloud, the study reveals that cloud security concerns are on the rise again, reversing a multi-year trend,” noted Holger Schulze, CEO of Cybersecurity Insiders and founder of the 400,000-member Information Security Community on LinkedIn. “With half of organizations predicting a rise in cloud security budgets, protecting today’s cloud environments [requires] more and better trained security professionals and innovative, cloud-native security solutions to address the concerns of unauthorized access, data and privacy loss, and compliance in the cloud.”