Available at: https://www.symantec.com/security-center/cloud-security-threat-report

Key report takeaways:

  • The gap between the perception of how much cloud services are being used in corporations and the reality is significant, with the reality being 300% greater than the perception
  • 84% of respondents noted the need for additional staff to manage and secure their cloud environments
  • Only 1 in 10 felt that they are able to adequately analyze cloud traffic
  • An estimated 28% of company’s employees engage in high risk behavior that puts cloud assets at risk
  • 65% of respondents have failed to implement MFA for access to their cloud environments

Commentary:

Symantec’s first Cloud Security Threat Report highlights the challenges that corporations face as they increasingly move their computing workloads to the cloud, and illustrates why cloud related data breaches are proliferating. Basic security controls for cloud infrastructure such as MFA are not being implement, corporations would not appear to have effective control or knowledge of what information they have in the cloud, and it appears that corporations are largely ignorant of the risks that cloud computing poses.

Yet again, the rush to have it “faster and cheaper”, drives the corresponding risk that what is moved to the cloud will be less secure that the on-premise environment that it came from. It does not have to be this way – cloud is not inherently less secure than on-premise, however the risks and the controls are different, and corporations need to understand how to leverage the security advantages of cloud such as SDN and segmentation of workloads, and above all, understand what the shared responsibility model of security means.