Only 40% of organizations are confident in their ability to secure cloud data

According to a new survey from the Cloud Security Alliance, just under 4 in 10 organizations reported a high level of confidence in securing cloud data. (Photo by Leon Neal/Getty Images)

Cloud Security Alliance researchers reported Thursday that only 39% of organizations surveyed report having a high level of confidence in their ability to secure cloud data, while only 4% report sufficient security for 100% of their data in the cloud. the cloud.

The survey also revealed that third parties, contractors and suppliers are the groups most often targeted (58%) by cyberattacks. And some 92% of people who have experienced a data breach believe they will experience another cloud data breach in the next 12 months.

“Cloud data security is a priority for organizations of all sizes, which shows that many organizations are unprepared for the unique challenges of securing data in the cloud,” said Dimitri Sirota, co-founder and CEO of BigID, who worked with the CSA. “With the rapid growth of the cloud, it is critical that organizations take steps to improve their cloud data security posture.”

Dave Burton, CMO at Dig Security, added that the vast majority of organizations don’t even know what data they have and where it’s stored, so estimating how much of that data has sufficient controls is probably not an accurate number, c is a best estimate. Burton said that even for the 4% of organizations reporting sufficient security for all their data in the cloud, that position has already changed due to the elasticity of the cloud.

“Data should be continuously monitored not only for posture, but also for active threats against sensitive data,” Burton said. “Data detection and response complement data security posture management to ensure proactive controls are in place to protect data.”

John Bambenek, principal threat hunter at Netenrich, added that, like most new technologies, there was a rush in adoption before there was really an understanding of the risks and how to secure sensitive information. . There has always been frustration with change management controls, security reviews and audit controls that slow teams down, Bambenek said.

“Now with DevSecOps (where the Sec is silent), organizations have to settle for teams going straight to the cloud (or worse, shadow IT) where traditional tools like network security and DLP are limited. “Bambenek said. “Slogans such as ‘move fast and break things’ are considered ideal because those who move fast don’t have to face the consequences of what they break.”


Comments are closed.