The demand to secure cloud services, already high due to digital transformation investments, grew even more following the big push to work from home as a result of the novel coronavirus pandemic. So it’s no wonder cloud security is on the minds of so many organizations.
According to a new survey from the Cloud Security Alliance, and sponsored by Proofpoint, 83% of respondents cite security as a top priority for improvement. About 90% of those surveyed are already using or plan to use a cloud security broker, yet half of the respondents said that they don’t have the staff to take full advantage of cloud security products. Another 34% cited cloud security product complexity as an inhibitor to adoption.
When it comes to cloud access security brokers (CASB), 55% of respondents said that they use their CASB to monitor user behaviors, and 53% to obtain better transparency into unauthorized access. The CSA conducted the survey online from March to May of this year and was submitted to more than 200 IT and security professionals from organizations of various sizes and in differing locations.
Not only did cloud security take top priority, at 83%, but it also took top priority by a considerable margin—application security came in as the second priority, at 43%, and endpoint security was third, at 37%.
Respondents were asked where their users store their sensitive information, and by far, Microsoft Sharepoint took the top spot at 69%, followed by Azure (47%), Amazon Web Services (40%), Google Drive (31%) and ServiceNow (27%). “It should be noted that 84% of respondents selected more than one location. This indicates that the sensitive data that security professionals are aware of is spread out among multiple cloud services,” the report said.
The essential CASB features, professional security respondents said, are the ability to discover sensitive data, locate and track cloud services used and direct user activity—each ranked as high importance. “The same security professionals were also asked about how they utilize their CASB for visibility. The top reported answers were ‘monitoring user behaviors (55%) and unauthorized access’ (53%). … Though there are many visibility features being leveraged with CASBs and it is a common use case, few features are heavily utilized consistently,” the report said.
Interestingly, about one-third (29%) of respondents use multiple CASBs.
Finally, the report exposed some concerns surrounding CASB effectiveness in multi-cloud cloud environments across infrastructure and platform-as-a-service environments. Respondents only rated CASB effectiveness in this use case, on average, as “medium.” “Couple this finding with the findings that organization’s sensitive data is stored in IaaS and PaaS platforms like AWS and Azure, this indicates that this is likely an area of confusion and security professionals may be struggling to utilize their CASB for these purposes either due to the lack of staffing or expertise or perhaps the complexity of the product,” the report said.