Cloud

The cybersecurity skills gap caused 40% of IT pros to stall their cloud migrations

One in four organizations have experienced data theft from the public cloud, according to McAfee.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • 97% of organizations worldwide use cloud services. — McAfee, 2018
  • 1 in 4 organizations has experienced data theft from the public cloud. — McAfee, 2018

Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to a Monday report from McAfee.

Of the 1,400 IT professionals surveyed worldwide, 97% said their organization is using some type of cloud service—up from 93% last year. However, those with a cloud-first strategy dropped from 82% in 2017 to 65% in 2018, the report found.

The cybersecurity skills shortage has actually improved over last year, when 49% of IT leaders said that they were slowing cloud migrations, the report found. Interestingly, those with a cloud-first strategy were almost twice as likely to have slowed adoption than those without such a strategy. Private-only cloud operators were more likely to report experiencing skills shortages, and more likely to have slowed their adoption, which helps to explain the continued shift to hybrid cloud.

SEE: Cloud migration decision tool (Tech Pro Research)

It takes an average of six to nine months to fill a cybersecurity position, according to Barika Pace, a research director at Gartner, which means that cloud security efforts may be placed on hold for many companies, unless they turn to outside consultants or third-party security platforms.

While 83% of IT professionals said they store sensitive data in the public cloud, only 69% said they trust the public cloud to keep their data secure. Cloud security issues are rampant: One in four organizations that use Infrastructure as a Service (IaaS) or Software as a Service (SaaS) have had their data stolen, according to the report. Meanwhile, one in five said they have experienced an advanced attack against their public cloud infrastructure.

On average, 27% of IT security budgets are allocated to cloud security, the report found. This number is estimated to reach 37% by next year. And fewer than 10% of organizations on average anticipate decreasing their cloud investments as a result of the upcoming General Data Protection Regulation (GDPR) enforcement in the EU.

The report recommends the following three best practices for organization to keep their cloud data safe:

1. Adopt DevSecOps processes

Organizations are twice as likely to have a strategy for securing containers and serverless computing when they have a DevSecOps function, the report found. Integrating development, QA, and security processes within the business unit or application team is crucial to operating at the speed today's business environment demands, the report stated.

2. Deploy automation and management tools

These tools, such as Chef, Puppet, and Ansible, can help security professionals keep up with the volume and pace of cloud deployments, the report said.

3. Develop unified security, with centralized management across all cloud services and providers

Using multiple cloud management tools makes it easy to for something to slip through, the report noted. A unified management system across multiple clouds with an open integration fabric reduces complexity.

Also see

istock-637809012.jpg
Image: iStockphoto/Imilian

About Alison DeNisco Rayome

Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.

Editor's Picks

Free Newsletters, In your Inbox