As more organizations migrate data, apps, and other assets to the cloud, security can become an even greater concern. You’re trusting most or part of your security protection to your cloud provider and hoping that you can at least work with them to ensure that your data and other assets remain safe. But even if you have confidence in your provider, a certain level of uneasiness is to be expected. A new report from security firm BitGlass describes some of the security concerns with the cloud and offers advice to IT and security professionals.
For its “2020 Cloud Security Report,” BitGlass teamed up with a leading cybersecurity community to survey IT and security professionals about cloud security in their organizations. The survey received responses from more than 350 professionals around the world but predominantly in the US.
Among all the respondents, 33% admitted that they’re extremely concerned about the security of the public cloud, 40% were very concerned, and 20% were moderately concerned. Only 2% said they weren’t at all concerned.
Despite these findings, almost half of those surveyed said they believe that cloud-based apps and software are about as secure as those on premises. Some 28% said that cloud-based content is more secure, while 27% said it’s less secure. This seeming contradiction shows that professionals see the public cloud as inherently safe but may face challenges in their ability to use it securely.
Among all the concerns about security in the public cloud, data loss or leakage came in top, cited by 66% of those surveyed. In second place was data privacy/confidentiality, cited by 63% of respondents, followed by the accidental exposure of credentials, cited by 43%. Other concerns mentioned in the survey included legal and regulatory compliance, incident response, data sovereignty/residency, and the availability of services and data.
To try to protect their cloud-based data and other assets, those surveyed pointed to a host of capabilities. Access control was the top method, cited by 68% of the respondents. Next was antivirus and anti-malware technology, cited by 54%. In third place was multifactor authentication, cited by 47%. Other methods mentioned in the survey included data encryption, single sign-on, endpoint security controls, firewalls/network access control, and network encryption/VPN.
Another worry among security professionals is the inability to track and log events in the cloud. Those surveyed were concerned about a lack of visibility into a host of online activities. But the top concern focused on cross-app anomalous activity. This refers to a type of activity that wouldn’t be physically or logistically possible. For example, an account that signs into Office 365 in the US and then five minutes later signs into Salesforce in Russia would be a cross-app anomaly.
Other concerns related to visibility included access to unmanaged apps, DLP policy violations, and external sharing. Half of the respondents said they lack visibility into file downloads, almost half lack it into file uploads, and a quarter lack it into user logins.
Maintaining and managing security in the cloud often requires a host of disparate tools and products, each of which must be controlled and configured separately. As such, 79% of those surveyed said it would be helpful to have a single security platform with one dashboard for configuring policies across the cloud footprint.
To help them better manage the security of public cloud, BitGlass advises organizations to use multifaceted platforms that can deliver comprehensive security for all interactions between devices, apps, websites, on-premises resources, and infrastructure. Such a platform should be easy to manage to save time for administrators. It should be deployed in the public cloud to enhance performance, scalability, and uptime, and to eliminate the need for hardware appliances.
The platform should also provide the following features:
- Identity management capabilities such single sign-on and multifactor authentication that can verify the identities of users wherever they go.
- Data loss prevention functionality designed to prevent leakage across the cloud, the web, and on premises.
- Advanced threat protection that leverages behavior-based protections to scan for threats at upload, at download, and at rest.
- An agentless option for securing personal devices that respects end-user privacy while enforcing granular, intelligent protections.