Nearly half of firms fear cloud apps make them insecure
Survey shows more than one-third of global companies appoint a CISO in the face of data breaches, and the UK is giving CISOs more power despite making fewer appointments
Cloud applications are a crucial part of day-to-day business operations, but 97% of IT leaders believe cloud access management is necessary to continue their cloud adoption, a survey shows.
At the same time, 49% of more than 1,000 IT decision-makers polled in 11 countries believe cloud apps make them a target for cyber attacks, with that figure dropping only slightly to 42% in the UK.
However, despite four in 10 organisations appointing a chief information security officer (CISO) due to concerns over data breaches in the past 12 months, and 79% of respondents saying CISOs are responsible for selecting the solutions their company has in place, just one in 10 are given the final decision on cloud access management.
In fact, companies are more likely to put their faith in a traditional IT role, CIOs (48%), when dealing with this, suggesting a disconnection between the decision-making and implementation surrounding cloud security, according to the Thales’ 2019 access management index.
Although the study reveals that only 33% of UK firms have appointed a dedicated CISO due to concerns about data breaches compared with 38% globally, 19% of UK businesses give final decision-making power over cloud access management to the CISO, compared with just 14% globally.
Jason Hart, cyber security expert at Thales, said it is positive to see the UK ahead of its counterparts in using the right expertise in the right places.
"Giving CISOs the final decision on cloud access management is the most logical thing because they have the situational awareness to understand the risks facing the business and how to stop it more than anyone else. However, being ahead of the global average isn’t enough as a huge majority are still not giving the CISO or equivalent the final say, leaving most UK businesses exposed in the long run."
The research shows that globally, cloud applications (49%) are listed in the top three reasons that an organisation might be attacked, after web portals (50%).
However, taking top spot among concerns is unprotected infrastructure such as IoT (internet of things) devices (54%), but this figure is slightly higher in the UK at 63%.
“The findings clearly show concerns surrounding cyber attacks when deploying cloud application,” said Tina Stewart, vice-president, market strategy for cloud protection and licensing activity at Thales.
“Trusted access to the cloud is key to our customers’ digital transformation, but without adequate investment in a dedicated CISO office, organisations will lack the leadership required to implement the correct security strategy or solutions to keep them secure in the cloud,” she said.
Read more about cloud security
- Transitioning to cloud-based services offers businesses an opportunity to improve security capabilities, but only if they adopt a proactive cloud-native approach, says Palo Alto Networks cloud security expert.
- When choosing a cloud security provider, enterprises need to consider the level of data privacy and data security risk involved.
- Cloud-based business initiatives are accelerating more rapidly than security teams can secure them, a survey reveals.
- Guidelines from the Ministry of Justice aim to avoid potential cloud security issues such as S3 ‘leaky buckets’.
Positively, the findings show that the growing awareness of consumer data breaches has led to organisations taking action, with most organisations polled (94%) saying they have changed their security policies around access management in the past 12 months. The biggest areas of changes have focused around staff training on security and access management (52%), increasing spend on access management (45%), and access management becoming a board priority (44%).
In spite of the updates to security policies, the vast majority of IT leaders (95%) believe ineffective cloud access management is still a concern for their organisation. The biggest concerns include its impact on security (48%), IT staff time (44%) and on operational overheads and IT costs (43%). When it comes to implementing access management solutions, they cited costs (40%), human error (39%) and difficulty integrating them (36%) as the biggest obstacles.
The survey shows that 75% of organisations already rely on access management to secure their external users’ logins to online corporate resources. In particular, two-factor authentication is the most likely (58%) tool to be seen as effective at protecting cloud and web-based apps, followed by smart single sign-on (49% globally and 55% in the UK) and biometric authentication (47%).
“While organisations are getting to grips with access management solutions, IT and business decision-makers must ensure they understand the risks to their cloud solutions in order to implement the relevant ones,” said Stewart.
“These solutions must be perimeter-free, compatible with a zero-trust model and flexible and adaptive in order to make the most of the latest technologies, such as smart SSO. Without effective access management tools in place, organisations face a higher risk of breaches, a lack of visibility, and incur extra costs from poorly optimised cloud.”