Why half of enterprises struggle to keep pace with cloud security

SaaS applications are supplanting traditional desktop software, and visibility into cloud workloads is a major problem, according to Symantec.

Businesses don't get how AI cybersecurity tools work, but plan to use them anyway Some 71% of businesses plan to use AI and machine learning in their security tools this year, though over half aren't sure what that tech really does, according to Webroot.

You've heard it for years—the future of business applications is mostly cloudy, and that brave new world has come to pass, as a 53% of enterprise compute workloads have now migrated to the cloud, according to Symantec's Cloud Security Threat Report, published Monday, The report also finds 54% of respondents indicate their organization's cloud security is not able to keep up with cloud applications.

To be fair, there is a lot to keep up with—93% of respondents indicate their organizations are storing data in more than one environment, with 69% of respondents still storing data on premises. "This heterogeneity makes it difficult to achieve visibility across applications and workloads," the report notes, "ushering in a host of challenges that tax the expertise and bandwidth of IT staff and make some legacy cyber defense tools and processes obsolete."

Symantec also notes that "the average organization believes its employees are using 452 cloud apps," but Symantec contends the actual number is 1,807, which is a bidirectional problem at best. IT decision makers should be more aware of what third-party services are being used by employees, though throwing any web-based service in the category of cloud application dilutes the meaning of both "cloud" and "application." Independent of these definitions, 93% of respondents indicated difficulties monitoring all cloud workloads.

SEE: Launching a career in cybersecurity: An insider's guide (free PDF) (TechRepublic)

This underlies a perennial problem among IT staff—the increasing potential attack surface for which company data can be compromised is too large, with 49% of respondents indicating their cloud security is inadequate to deal with "all incoming alerts," with 92% indicating a need to enhance their own skills, and 84% indicating a need to bring on more staff to handle the influx.

Keeping sensitive company data within security perimeters is the predominant issue among respondents, with 93% of respondents indicating they "grapple with users oversharing cloud files containing sensitive and compliance-related data, while on average 35% of cloud files are overshared," according to the report. Further, 68% indicate they have seen direct or likely evidence that their data was made available on dark web marketplaces.

Symantec advocates creating governance strategy supported by a "Cloud Center of Excellence" to combat unsanctioned cloud usage, as well as embracing a zero-trust security model, use of automation and artificial intelligence , as well as DevSecOps.

For more, learn how fraudulent domain names are powering phishing attacks, and why ransomware is rebounding in popularity as cryptojacking loses steam on TechRepublic.

Also see

istock-964582068.jpg

Ronnie Chua, Getty Images/iStockphoto

By James Sanders

James Sanders is a staff technology writer for TechRepublic. He covers future technology, including quantum computing, AI/ML, and 5G, as well as cloud, security, open source, mobility, and the impact of globalization on the industry, with a focus on ...