With the number of employees working from home or other remote locations skyrocketing, there has been a huge rise in the use of cloud applications and services and, according to research from Enea, a commensurate increase in risky behaviours and a further blurring of the lines between personal and corporate IT resources.
The study, from the telecoms and cyber security software provider and Cybersecurity Insiders, involved a survey of chief information and security officers (CISOs) and other IT security practitioners from the latter’s 400,000-member information security community.
The survey found that the business use of personal devices was the working-from-home practice seen as carrying the greatest security risk, followed closely by the use of infrastructure as a service (IaaS). As regards cyber threats, malware infections and data loss were the top cloud/software-as-a-service (SaaS) concerns, cited by 77% and 72% of respondents, respectively. File sharing and hosting services (72%) and cloud email (57%) were perceived as the top cloud/SaaS attack vectors.
An overwhelming majority of survey participants were concerned about public cloud security, with more than half saying they were “very” or “extremely” concerned. This aligns with previous Cybersecurity Insiders surveys, indicating that concern about cloud security remains stubbornly high, said the company.
In response to concerns about the cloud and SaaS related to the working-from-home trend, companies are planning to make considerable new investments in security measures. Specifically, 90% of respondents reported plans for new cloud-based security systems, and 82% intended to make new investments in on-premise security.
Among planned investments, 35% of companies will join the 28% who have already done so in deploying virtualised, software-defined wide area networks (SD-WAN) to provide unified connectivity across home, branch, edge, datacentre and multicloud infrastructure.
A quarter of respondents also plan to subscribe to a secure access service edge (SASE) system, joining the 17% who have already adopted SASE, which incorporates or integrates with SD-WAN to deliver unified networking and security as a cloud service, with the dynamic scaling and provisioning that accompany all SaaS technology.
Read more about cloud security
- Improve control plane security at your organisation by integrating a cloud security posture management tool into your existing multi-cloud strategy.
- While network security focuses on solely protecting networks, cloud security provides protection for networks, servers, containers, apps and more.
- Security tools from cloud vendors are convenient, but that doesn’t mean they are always the right choice. Learn how to decide when you should opt to use third-party security tools.
As the demand for technology such as SASE and SD-WAN increases, the survey showed a rising need for real-time, application-level network traffic visibility. Enea said it had seen increased interest by cloud networking and security suppliers in its flagship Qosmos ixEngine product.
“We are at a pivotal moment when the cloud is playing a more important role than ever, and yet CISO concerns over cloud security remain stubbornly high,” said Holger Schulze, CEO at Cybersecurity Insiders.
“This survey provides an excellent opportunity to better understand these concerns, and explore how companies, cloud service providers and cyber security solutions vendors can work together to maximise cloud security, and thereby unleash the full transformational power of the cloud for the modern digital enterprise.”