More than half of firms struggle with security as they adopt cloud

Cloud security

More than half (53%) of all enterprise compute workload has been migrated to the cloud, but security practices are struggling to keep up as over half (54%) of enterprises indicate their organization’s cloud security maturity is not able to keep up with the rapid expansion of cloud apps.

These are among findings of Symantec’s survey of 1,250 security decision makers across the globe.

“The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realize, given the troves of sensitive and business-critical data stored in the cloud,” said Nico Popp, SVP for cloud and information protection at Symantec.

“In fact, our research shows that 69% of organizations believe their data is already on the Dark Web for sale and fear an increased risk of data breaches due to their move to cloud,” Popp added.

He said the latest survey shows that it’s not the underlying cloud technology that has exacerbated the data breach problem – it’s the immature security practices, overtaxed IT staff and risky end-user behavior surrounding cloud adoption.

Lack of visibility into cloud workloads is the leading cause of security incidents — an overwhelming majority of respondents (93%) report issues with keeping tabs on all cloud workloads. Results show that 65% of organisations fail to implement MFA in IaaS configurations and 80% don’t use encryption.

Also, one of the biggest challenges for security teams attempting to get a handle on the cloud is rampant risky user behaviour. As a result of, sensitive data is frequently stored improperly in the cloud, making enterprises more susceptible to breach.

Common risky behaviour include using weak passwords (37%), using poor password hygiene (34%), using unauthorised cloud apps (36%), and connecting with personal devices (35%).

According to Symantec, investment in cloud cyber security platforms that leverage automation and AI to supplement visibility and overtaxed human resources is a clear way to automate defenses and enforce data governance principles.

However, it is also time to recalibrate culture and adopt security best practices at a personal level.