For years, the cloud has been changing the way enterprises work. But we’re now at where the cloud doesn’t merely help the business. Today, the cloud is the business. Put simply, it’s the way we get things done.
That transformation has helped enterprises. But it also brings with it a serious set of cyber security challenges, including a lack of visibility into corporate infrastructure, the difficulty of protecting complex, heterogeneous IT environments, and a growing number of attack surfaces.
What are the real cloud security challenges your enterprise faces — and what can you do about them? The best place for an in-depth look is Symantec’s 2019 Cloud Security Threat Report. And for solutions, turn to Symantec’s Zero Trust cloud security. I’ll cover both in this blog post.
For the Cloud Security Threat Report, Symantec surveyed 1,250 security decision makers worldwide to understand the shifting cloud security landscape, the scope of shadow IT and shadow data usage, and to gauge the maturity of security practices as enterprises transition to the cloud.
We found that the complexity in the way the cloud is used creates serious visibility problems for IT. Tracking these cloud workloads is a universally recognized problem. Ninety three percent of survey respondents report they have issues keeping tabs on all their cloud workloads. And the problem will continue to grow rapidly.
Most IT and SecOps organizations are underestimating the amount of cloud in use and it’s growth rate. According to the survey, the average organization believes its employees are using 452 cloud apps. However, according to Symantec’s own data, the actual number of shadow IT apps in use per organization is nearly four times higher, 1,807. The survey found cloud app deployment increased 16 percent over the past 12 months and is expected to surge 22 percent in the next year. Given the significant underestimation of apps in use coupled with the rapid growth rate, organizations are facing a mounting challenge to secure their migration to the cloud.
Apps aren’t the only problem. The cloud makes it easy for enterprises to lose control of their data. Oversharing cloud files containing sensitive and compliance-related data was cited as a problem by 93 percent of respondents. Additionally, according to the survey, respondents are underestimating the risks associated with compromised accounts by a factor of 8.
The survey also found companies aren’t able to adapt their security to their increasing cloud use. More than half of respondents (54 percent) say their organization’s cloud security hasn’t been able to keep up with the expansion of their use of new cloud apps.
Because of organizations’ immaturity in cloud security, enterprises often underestimate the scale and complexity of cloud attacks. The survey found DDOS attacks and cloud malware injections are the three most commonly investigated cloud security incidents. And while they struggle with stopping data breaches, internal Symantec data also indicates that unauthorized access threats account for the bulk of such incidents (64 percent.) That shows that organizations’ security culture and behavior are struggling to keep pace with the shift to cloud. Indeed, Symantec internal data shows that 85 percent of companies are not using best cloud security practices as outlined by the Center for Internet Security.
What to Do Next
The cloud is the center of IT and increasingly, the foundation for cyber security. Understanding how threat vectors are shifting in the cloud is fundamental to making the necessary updates to your security program and strategy. Symantec’s Cloud Security Threat Report shines a light on how to secure the digitally transformed, virtual organization of today and tomorrow, so check out the report here. For a in-depth look, register for the webcast I’ll be presenting on July 25 with Jim Reavis, Co-Founder and CEO, Cloud Security Alliance.