A new report from Symantec shows that cloud security has a long way to go. The company surveyed 1,250 security decision makers and found that organizations have reached a tipping point: more than half (53%) of all enterprise compute workload has been migrated to the cloud. However, security practices are struggling to keep up – over half (54%) indicate their organization’s cloud security maturity is not able to keep up with the rapid expansion of cloud apps.
73% of organizations that have migrated all or part of their processes to the cloud say they have experienced a security incident due to immature practices. Lack of visibility into cloud workloads is the leading cause – an overwhelming majority of survey respondents (93%) report issues with keeping tabs on all cloud workloads. The report shows that few organizations can correctly state how many cloud applications they use on average, opening the door for insider threats and poor configurations. Many organizations also fail to use multi-factor security authentication which could cut down on unauthorized access.
Report data also shows that IT teams are unable to respond effectively to the increasing complexity of technology services. Many organizations have a mixture of environments including public cloud, private cloud, hybrid, and on-prem all of which require unique security responses. Given this, it’s not surprising that the CSTR revealed 25% of cloud security alerts go unaddressed. A majority (64%) of the security incidents occur at the cloud level, and more than half of respondents admit they can’t keep up with security incidents. A further 83% feel they do not have processes in place to be effective in acting on cloud security incidents.
“The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realize, given the troves of sensitive and business-critical data stored in the cloud,” said Nico Popp, senior vice president, Cloud & Information Protection, Symantec in a statement on the report.
One of the biggest challenges for security teams attempting to get a handle on the cloud is rampant risky user behavior. According to report respondents, nearly one in three employees exhibit risky behavior in the cloud, and Symantec’s own data shows 85% are not using best security practices. As a result of these risky behaviors, sensitive data is frequently stored improperly in the cloud, making enterprises more susceptible to breach. 93% of respondents say oversharing is a problem, estimating that more than a third of files in the cloud should not be there. Additionally, the cloud is not immune to the risky behavior that plagued past technologies – respondents report users with weak passwords (37%) using poor password hygiene (34%), using unauthorized cloud apps (36%), and connecting with personal devices (35%) as common risky behavior.
Symantec says that in order for organizations to get a handle on security concerns, they’ll need to invest heavily in security. That investment should include technology as well as people. Many organizations will also need to conduct a full audit of their technology to understand what they have and the potential vulnerabilities.
The full report can be accessed here.