Cloud safety a cause for concern, research shows
It is increasingly difficult for Australian IT departments to keep the cloud safe, according to a new report.
“Snowballing adoption of cloud services combined with shadow IT and a skills shortage has amplified traditional challenges and will introduce new ones,” said Intel Security APAC Vice President Daryush Ashjari.
“These challenges can drastically slow down the adoption rate and the effectiveness of cloud services. Technology plays a key role here to improve visibility and controls. Cloud access security brokers (CASBs) will become a must-have capability to address these needs going forward.”
Due to the ease of procurement, just over 40% of cloud services are now commissioned without the involvement of IT; however, visibility of these Shadow IT services has increased from about 50% in 2016 to just 53% in 2017. As a result, 77% of IT professionals think this phenomenon is interfering with their ability to keep the cloud safe and secure. This is not surprising given the amount of sensitive data now being stored in the public cloud.
However, the trust and perception of public cloud services continues to improve year over year. Most organisations view cloud services to be at least as, or more, secure than private clouds, and more likely to deliver lower costs of ownership and overall data visibility.
Those who trust public clouds now outnumber those who distrust public clouds, with 40% of employees trusting them and only 30% mistrusting public clouds. Improved trust and perception, as well as increased understanding of the risks by senior management, is encouraging more organisations to store sensitive data in the public cloud.
Personal customer information is the most likely type of data to be stored in public clouds, kept there by 75% of those surveyed.
The ongoing shortage of security skills is continuing to affect cloud deployments. Almost half of the organisations surveyed report that the lack of cybersecurity skills has slowed adoption or usage of cloud services, possibly contributing to the increase in shadow IT activities. Another 33% report they are experiencing a scarcity but are continuing with their cloud activities regardless.
According to Intel Security, attackers will look for the easiest targets, regardless of whether they are public, private or hybrid. Integrated or unified security solutions that provide visibility across all of the organisation’s services could be the best defence.
User credentials, especially for administrators, will be the most likely form of attack. Organisations need to ensure they are using authentication best practices, such as distinct passwords, multifactor authentication and even biometrics where available.
Security technologies such as data loss prevention, encryption and cloud access security brokers remain underutilised. Integrating these tools with an existing security system increases visibility, enables discovery of shadow services and provides options for automatic protection of sensitive data at rest and in motion throughout any type of environment.
Organisations also need to evolve towards a risk management and mitigation approach to information security. They should consider adopting a Cloud First strategy to encourage adoption of cloud services to reduce costs and increase flexibility, and put security operations in a proactive position instead of a reactive one.
The ASD has released an open source version of its data visualisation and analysis tool,...
WaterNSW has deployed Microsoft Azure, Dynamics 365 and Office 365 to unify its operations,...
Oracle has announced plans to open a new Generation 2 Cloud data centre in Sydney by the end of...