More than one third of companies face issues detecting and responding to cloud security incidents, according to Oracle and KPMG.
- 90% of firms say at least half of their cloud data is sensitive information. — Oracle and KPMG, 2018
- 38% of cybersecurity and IT professionals report issues detecting and responding to cloud security incidents. — Oracle and KPMG, 2018
The shift to the cloud is becoming a business imperative for the majority of companies, as 87% of public and private organizations now have cloud-first initiatives in place, according to a Thursday report from Oracle and KPMG. While the cloud offers benefits such as cost savings and the ability to move faster on certain projects, it also creates an increasingly complex threat landscape for organizations to navigate, the report noted.
Of the 450 cybersecurity and IT professionals worldwide surveyed in the report, the vast majority—90%—said that at least half of their cloud data is sensitive information. Keeping this information secure is tantamount, and 41% of organizations said they now have a dedicated cloud security architect on staff.
However, 38% of respondents said they face issues detecting and reacting to threats in the cloud—the most frequently cited security problem, the report found. Other top concerns were lack of visibility across the data center and endpoint attack surface (27%), lack of collaboration between security and IT operations teams (26%), and lack of unified policies across disparate environments (26%).
The rise of the cloud has also created more security challenges due to shadow IT, the report found. While 97% of organizations surveyed said they require cloud services to be approved by the IT/security team, 82% expressed concern that employees and teams were violating those policies.
When security incidents do arise, they have a major impact on businesses: 66% of companies said they had suffered a significant business operations interruption in the past two years, according to the report.
The rise in cyber threats and a lack of qualified security professionals has led 47% of organizations to use machine learning for cybersecurity purposes, the report found. Some 84% of companies said they are committed to increasing levels of security automation as well.
Outside of tools, a security approach that focuses on people and processes tends to deliver the best results, the report found. When asked what actions had the most positive impact on improving an organization’s security posture, the majority of respondents (31%) said increasing employee awareness and training programs. Other top actions were increasing security budgets (29%) and training security teams on new threat types and best practices (29%).