Despite Cloud Popularity, Enterprises Still Struggle with Compliance and Security

As we’ve covered in depth here over the past few years, enterprises have moved to cloud in a big way, with the estimated size of the cloud computing market to have been $130 billion globally in 2017. But those organizations who have made the move, especially when it involves sensitive or

In 2017, the public cloud computing market is predicted to be worth around 130 billion U.S. dollars worldwide.

According to the most recent Frost & Sullivan IT Decision Maker Survey, the top three factors considered when choosing a cloud provider are, in order of importance: 45 percent security capabilities, 40 percent reliability and 27 percent cost.

The Frost & Sullivan 2017 Global Frost & Sullivan IT Decision Maker Survey, which consisted of 1,626 enterprise IT stakeholders, found the following leading benefits:

  • 46 percent say cloud helps to store large amounts of data; 
  • 38 percent say cloud provides greater flexibility in times of rapid growth and downsizing; 
  • 37 percent say cloud provides with access to advanced features/capabilities; 
  • 34 percent say cloud supplements in-house IT/telecom resources; and 
  • 33 percent say cloud eliminates the hassle of integrating multi-vendor products and solutions.

Still, when it comes to security, that leading concern, security, often comes down to visibility into what is happening within the cloud. According to CASB [FN] provider Bitglass’s report Cloud Hard 2018: Security with a Vengeance Report based on responses from 570 cybersecurity and IT professionals on cloud security. According to their findings visibility and compliance remain challenges, with only 44 percent of respondents saying that they have visibility into external sharing and DLP policy violations in their cloud application and environments.

Consider this: 85 percent of organizations said they were unable to identify anomalous behavior across cloud applications. Additionally, 84 percent of respondents say traditional security solutions don’t work or have limited functionality in the cloud.

“When asked about biggest security threats to their organization, most cited misconfigurations (62 percent) similar to the numerous AWS S3 leaks over the past year, followed by unauthorized access (55 percent). 39 percent said external sharing was the most critical threat while 26 percent highlighted malware and ransomware,” Bitglass said in this statement.

Key Report Highlights:

  • Less than half (44%) have visibility into external sharing and DLP policy violations. 
  • Only 15 percent of organizations surveyed can see anomalous behavior across apps.
  • While 78 percent have visibility into user logins, only 58 percent have visibility into file downloads and 56 percent into file uploads. To protect mobile data, 38 percent of organizations install agents and 24 percent use a trusted device model, where only provisioned corporate-owned devices are allowed access to company systems. 
  • 11 percent have no mobile access control solution in place, granting access to any smartphone or tablet.
  • 69 percent of organizations rely solely on endpoint solutions for malware protection, tools which cannot detect or block malware at rest in the cloud or employees’ BYO devices.

Perhaps some of these explain why we have witnessed so many cloud data leaks, such as last year’s Swedish data leak , or all of the Amazon S3 breaches detailed in our blog here. 



*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by George V. Hulme. Read the original post at: http://feedproxy.google.com/~r/BusinessInsightsInVirtualizationAndCloudSecurity/~3/XXeZOvdSpXc/cloud-enterprises-struggle-compliance-security