Cloud adoption just keeps climbing. Public cloud services are now used by 85% of IT and cybersecurity professionals, up from 57% in 2013. But could there be a security storm in the air?
Each year Oracle and KPMG produce the Oracle and KPMG Cloud Threat Report, based on a survey examining public cloud usage and cybersecurity measures. The latest findings show there’s plenty of confidence, but we see some mistakes more often than others – here are our top 5.
Cloud services can make security easier, but there are certain things they can’t do – like keep an eye on how careful employees are with their credentials. It’s best to be clear on responsibilities from the very beginning, so iron out early on what you’re responsible for and what your cloud provider will look after, to make sure there are no gaps.
One of the most common ways an organization can be breached is through an average employee. The most common attack vectors are phishing scams, and it takes just one person making one mistake to expose your company. In this case, it’s training (and not some fancy tool) that will make the difference.
Detecting and reacting to cloud threats is the top challenge for security organisations. But only 14% of the Cloud Threat Report respondents said they could analyse all relevant security event and telemetry data. This lack of insight is usually due to cloud services rolling out faster than SecOps can support. By removing manual processes and automating more responses to risks, you can help to relieve this problem.
Being compliant doesn’t necessarily mean you’re secure. Compliance is mainly about data confidentiality, integrity, and availability. But it’s still tricky to meet compliance goals without an expert leading the way. It’s wise to make sure there’s one person who can look at the whole picture – at a global level if necessary – and work out the best way to meet compliance responsibilities.
In the name of speed, lines of business often rush the rollout of cloud services without involving security operations. And that can mean failing to meet basic security requirements. Leadership is the answer. By having one person who oversees deployments, teams can roll out efficiently while still keeping the organisation protected.