By 2021 cybercrime is estimated to cost the world $6 trillion annually. As cyberattacks are the third highest risk to companies globally, it’s irresponsible for executives to sit idly by assuming they’re not on a threat actor’s radar. Although this is still the attitude of many C-Suite members, more and more decision makers and IT professionals are beginning to understand the severity of cybercrime and taking proactive measures to secure their environments.
In 2017, Armor established the first #ArmorU poll series to gain insight into the opinions, challenges and cloud security posture of IT professionals around the world.
The 2018 #ArmorU poll responses taught us that organizations feel ready and willing to put highly sensitive data into the cloud, yet challenges and skepticism remain. What is clear, however, is that companies want to reduce the cost of managing security without sacrificing compliance, visibility and incident response.
Over the course of 13 weeks from May to August 2018, social media users interested in cybersecurity, cloud, information security, and information technology had the opportunity to answer questions via Twitter for this year’s #ArmorU poll series. In total, we received more than 37,000 votes, giving us a holistic view of the security posture and excitement toward cloud security of corporate environments around the world.
Companies are comfortable with the cloud
This year we witnessed a welcomed 15% drop from the 2017 report in the number of respondents who said they have not deployed cloud workloads (43%). Additionally, when asked how they classified their cloud maturity, more than a third identified themselves as either “beginner” (20%) or “focused” (16%) users.
The growing confidence in cloud computing is also reflected in the willingness of companies to place their most sensitive data in the cloud. Forty-six percent of respondents said they store their most sensitive data in a private cloud, compared to 26% who said they store the same information on-site. Meanwhile, 14% said they stored it in public clouds, and another 14% said they stored it in hybrid environments.
Shared responsibility is still misunderstood
Shared responsibility refers to the mutual ownership of security by the cloud provider and the customer, dictating what responsibility each side has depending on the service model being used. Yet, 47% of respondents don’t know what shared responsibility is. Promising however is that 21% define it as part of their core strategy for cybersecurity initiatives.
Overall, cybersecurity confidence is not particularly high
Seventy-four percent of respondents admitted having either moderate (34%) or low confidence (40%) in their cybersecurity posture.
Organizations want to reduce the cost of security
Like last year, managing security costs is top-of-mind for poll participants. However, organizations also want to balance that with the need for threat remediation, educating their employees and ensuring better compliance processes and outcomes.
As the #ArmorU poll shows, many organizations are reaching out to third parties or relying on their cloud providers to manage cloud security. Choosing a third-party vendor that can offer an integrated set of cybersecurity capabilities may provide significant cost savings for businesses.
Before selecting a provider, organizations should:
- Check for security certifications from organizations such as the Cloud Security Alliance and (ISC)2.
- Understand where their data will reside and any resulting compliance implications.
- Assess what security controls the service provider offers, and what gaps if any exist.
- Examine the vendor’s incident response plan.
Incident response capabilities will influence adoption of cloud services
Many respondents expressed little confidence in their organization’s threat remediation abilities and revealed their organizations do not test their incident response plans. The faster an attack can be identified, quarantined, and eradicated, the sooner businesses can resume normal operations. Nearly 70% of respondents said they do not test their incident response plan at all. When asked about the maturity of their threat remediation process, 46% said it is not a focus.
The good news is that 41% of respondents called the availability and integration of incident response services into vendors’ overall solutions a top priority when choosing a third-party vendor.
Cloud Security Concerns
The excitement and willingness we observed does not come without its reservations from organizations. The biggest cloud-related security concern for respondents was monitoring user activity. This demonstrates a clear concern with insider threats and is an acknowledgement that keeping track of user activities not only impacts compliance but also provides more challenges for security teams as identifying anomalous behavior can easily be disguised as legitimate.
The strong interest in access management and configuration issues underscores an awareness that activities like account hijacking and inadvertent data leaks caused by misconfiguration pose serious security risks. In fact, Gartner has predicted that by 2020, 95% of cloud data breaches will be the customer’s fault.
As businesses are moving forward on their digital journey, protecting their systems and data should stay front and center. As cloud adoption continues, businesses of all sizes should focus on finding solutions that empower them to transform their business without sacrificing security, compliance, and availability.
At Armor, it’s our mission to protect cloud environments against new and familiar threats facing enterprises today. We’re both encouraged and motivated by the number of companies looking to grow their businesses with cloud environments and excited to be part of your cloud journey.
Download our full 2018 #ArmorU Report here.