As cyber-attacks increase, companies continue to transfer all important data to the cloud, according to the second annual Cloud Report by Oracle and KPMG. The report found that 72 percent of respondents prefer to transfer their data to the cloud, considering the cloud to be safer than their own data center. However, the relationship between how and where data is stored increases the lack of transparency and makes it harder for companies to understand how their information is managed in the cloud.
The survey found that between 2018 and 2020 there is a 3.5 times increase in the number of organizations that will hold more than half of cloud data. Approximately 71 percent of organizations have indicated that most information stored in the cloud is sensitive information, which has raised the number of such information by 50 percent over the previous year. However, the vast majority (92 percent) of the respondents indicated that they are concerned about employees who follow the cloud policies designed to protect this data.
The report found that the critical nature of cloud services has turned cloud security into a key strategic point. Cloud services are no longer used as ‘nice to have’ tertiary IT elements – they serve key functions for all aspects of business operations. The 2019 report identifies more areas where organizations may encounter security threats when using cloud services.
- Confusion generated by the CSR has resulted in cyber and security incidents. The report found that 82 percent of cloud users faced security challenges because of the confusion generated by the division of responsibility between departments. While 91 percent of users have official cloud-based methodologies, 71 percent said they are worried about employee compliance, leading to malware attacks and data theft.
- Central Security Intelligence Officers (CISO) are frequently confronted with the cloud security limit. About 90 percent of the central security officers are confused about their role in securing software as a service (SaaS), compared to what cloud services provide.
- Visibility remains the most important safety challenge. Timely detection of the problem and pro-activity against cloud security incidents accounts for 38 percent of the respondents the greatest threat they face in cyber security. Approximately 30 percent cite the incapacity of existing network security protocols to provide visibility to the workload of the host server as a security issue.
- Using cloud by unauthorized people and lack of security controls endangers the data. Following the report, 93 percent of respondents said they still have “shadow IT” – an activity where employees use unauthorized storage devices or file transfer programs for sensitive business information. Half of the organizations said the lack of security controls and the wrong configurations are the reasons why they face fraud and leakage. For 26 percent of the organizations that responded to the study, unauthorized use of the cloud is the biggest challenge for today’s cyber security.
“The most important data across the world is making its cloud transition, increasing the need for a coordinated, integrated, and stratified security strategy,” said Kyle York, vice president of product strategy, Oracle Cloud Infrastructure. “By building a cloud platform around data security and applying Artificial Intelligence (IA) to protect data, we eliminate the burden of administrative burdens and incomplete actions and help organizations to protect their most important assets – their data.”
“As organizations continue to change their thinking about strict risk management for cyber security and are moving more towards business innovation and growth, it is important for organizations’ leaders to align their business and cyber security strategies,” said Tony Buffomante, KPMG LLP Security Services Director for the US. “The more cloud services will integrate operations, the more will be the need to improve security and integrate cloud security more broadly into strategy plans to mitigate the risks to which organizations are exposed.”
- Automation can lessen the chronic problems generated by patching: About 51 percent of respondents said patches have experienced delays in their IT projects, and 89 percent of organizations want to use a patch automation strategy.
- Machine learning can help reduce cyber-attacks: About 53 percent of participants use machine learning to diminish cyber-attacks, while 48 percent use a multiple authentication solution that automatically triggers the second authentication step if detects unusual user behavior.
- Risks in the supply chain: Businesses deemed to be crucial should be closely monitored. Due to some compromises in the supply chain, about 49 percent of cases reported malware. Unauthorized access to sensitive business information was reported in 46 percent of cases.
- Cyber-attacks continue to grow while confusion generated by shared cloud security actors is expanding: only 1 in 10 organizations can analyze more than 75 percent of cyber-attack data and 82 percent of cloud users have experienced cyber-attacks because of the confusion generated by the shared responsibility model between people with roles and functions in other business areas.
- Adoption of the cloud has expanded the core-to-edge threat model: As workplace outreach increases, employees can access basic programs, cloud-based applications as well as sensitive information either from the office or outside secured systems, which dramatically complicates how IT professionals have to address the risk and exposure of this information. If in 2018 the largest investments were allocated in training, this year’s training has come down to second place and replaced by edge-based security controls (for example, WAF, CASB, Botnet / DDoS of risk mitigation).
The Oracle and KPMG report on cloud threats in 2019 examines emerging cyber challenges and emerging risks that companies face when they are deployed at an accelerated pace of cloud services. The report provides industry leaders with various important insights and recommendations on cyber security and their importance for business. The data in the report is based on a survey of 450 cyber security and IT professionals from private and public organizations in North America (United States and Canada), Western Europe (UK) and Asia (Australia and Singapore).