Australian firms need to rethink their cloud security
More than half of large Australian businesses have misplaced confidence in their cloud providers’ security, believing it is sufficient to protect them from cloud-based cyber threats, according to a new study.
The research — released by Palo Alto Networks (PAN) on 24 October — explored the state of cloud security in businesses with more than 200 employees across the Asia Pacific.
Regionally, 70% of large organisations held the same belief about cloud providers’ security; however, PAN’s Vice President and Regional Chief Security Officer, Asia Pacific and Japan, Sean Duca, believes that “organisations need to recognise that cloud security is a shared responsibility”.
“While cloud providers are responsible for the security of their infrastructure, the onus is on companies themselves to secure their data and applications stored in that infrastructure,” he said.
Despite the high levels of confidence in cloud providers’ security, Australian businesses are still implementing their own cloud security measures, with 52% using more than 10 tools simultaneously. Though this might seem an effective way to combat new and emerging threats, PAN warned that using multiple tools creates a fragmented security posture and makes managing security more difficult — especially if the companies are using multiple clouds.
PAN added that multicloud environments already carry increased risks — where their interconnected nature means a security breach in one cloud can become an entry point to another while their disjointedness creates a lack of visibility, making it harder to address cybersecurity threats across their clouds and their whole IT environment.
As a result, the study calls for organisations to have a central console that uses technologies such as artificial intelligence (AI) to help prevent known and unknown malware threats and remediate accidental data exposure when it occurs.
PAN said the study also highlighted the need for large enterprises to use automation, as organisations lack time and resources for cloud security audits and training.
In fact, 87% of organisations have either never conducted a security audit or don’t do it on a yearly basis. Furthermore, more than a quarter of audits don’t include cloud assets and 79% of organisations only conduct internal audits, according to PAN.
Along with auditing, training is also lacking — with more than two-thirds of Australian organisations reporting they don’t provide cybersecurity training to IT security employees on a yearly basis and 86% of non-IT professionals missing out on annual cybersecurity training.
Despite this, PAN said it was encouraging to see 37% of Australian organisations use threat intelligence and analytics to identify new threats and take necessary action. A further 16% have equipped themselves with real-time threat monitoring capabilities.
To best protect against cyber threats, the company said organisations need to build security into the cloud environment from adoption; develop consistent security policies across all types of cloud deployments; and implement them using tools that provide a unified view of all cloud assets and the threats they face.
They should also bridge the gap between highly controlled security teams and agile development teams to help smooth out deployment and scalability; increase audits and training for IT and non-IT professionals; and automate threat intelligence with natively integrated, data-driven, analytics-based approaches to avoid human error.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
Robert H Dennard, the inventor of DRAM, has been awarded the semiconductor industry's top...
The Australian Cyber Security Centre is continuing to monitor the cyber threats posed by the...
Microsoft has announced a range of security enhancements aimed at providing "endpoint...