Cloud Security Perspectives and Insights

Enabling a Security-First Culture with the Oracle and KPMG Cloud Threat Report

Greg Jensen
Sr Principal Director - Security - Cloud Business Group

2020 was a year that didn’t start off with the traditional drum beat of risks and threats. Since our global survey of 750 participants concluded, we have seen various events take place that have dramatically changed the way we work, the way we remain competitive in these global conditions, and how we look for new business opportunities in the midst of uncertain times. Digital Transformation (DX) is not a new term for most businesses, but it is one that is quickly reinventing global organizations to pivot their sales execution models and the way they service their customers to meet these new demands.  Enter, the 2020 edition of the Oracle and KPMG Cloud Threat Report.

This 3rd installment from Oracle and KPMG, that was recently announced, provides detailed insights into the key challenges, risks and opportunities that businesses are experiencing as they continue their cloud adoption trends.  We look at where cloud is finding success, as well as highlighting where risk and threats continue to grow and cause concern. A record number of respondents (75%) indicated that their high level of trust in the cloud exceeds that of their own data centers, which highlights the growing trend of budget and staffing shortfalls, as well as current capabilities to respond to emerging threats.

At the same time, 92% of respondents simply are not confident that they are managing their cloud strategy effectively within the context of security.This disparity is alarming and should be viewed as a call to action by the new wave of CISOs entering the industry this year where we see 73% of organizations are planning to hire a CISO with more cloud security skills than before.These CISOs will have their work cut out for them.  Businesses are being impacted by a lack of understanding in foundational elements such as the cloud shared responsibility security model. 67% of respondents do not feel comfortable in their knowledge of shared responsibility. This is a dramatic increase over 2019 (54%) which shows the knowledge gap is accelerating.


As businesses work to adopt new digital transformation indicatives, they are looking at rapid cloud adoptions to close immediate shortfalls in capabilities. Nearly 90% of companies are using software-as-a-service (SaaS) and 76% are using infrastructure-as-a-service (IaaS) with 50% expecting to move all their data to the cloud in the next two years.To achieve that, there must be a concerted effort to address the many challenges we found in this year’s report. 


Businesses are starting to face the realities, that configuration management challenges are not improving and placing mission-critical data at risk.  When businesses fail to understand their role in securing this cloud-resident data or have not fully adopted a DevSecOps program for cloud that works to resolve the ongoing stream of configuration and patching needs, they report an increase in data loss incidents. One solution cited is the use of automation where 88% of IT professionals feel that within the next three years, the majority of their cloud services will use this intelligent automation for patching and configuration management to improve security.


To better understand your organization’s role in securing this growing digital transformation initiative and how risk and threats can impact the overall success, we have taken this complex conversation and broken it down into five strategic reports. This year’s Oracle and KPMG Cloud Threat Report is the first in this series, followed by 4 additional reports that pick up where the CTR leaves off, and drives readers into a more granular conversation around these key topics:

-Demystifying the cloud security shared responsibility model

-The business impact of the modern data breach

-Addressing cyber-risk and fraud in the cloud

-The mission of the cloud-centric CISO

You can view the report for free from Oracle, or visit us at www.Oracle.com/ctr to pre-register for additional reports in the CTR series.  Look forward to hearing your feedback on this year’s Oracle and KPMG Cloud Threat Report!

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.