Netwrix Corporation, provider of a visibility platform for user behaviour analysis and risk mitigation in hybrid environments, today released the 2018 Netwrix Cloud Security Report. The headline concern with regard to cloud security is risk of unauthorised access (69%). When something does go wrong it is IT (39%), non-IT users (30%) or cloud providers (30%) who most shoulder the blame.
The 2018 Netwrix Cloud Security Report identifies concerns that organisations have about cloud security, the threats they dealt with over the last year, and their plans for further cloud usage and security enhancements. It is the third in a series of annual surveys, encompassing respondents from 853 organisations of various sizes, industries and geographical locations. All organisations are public or hybrid cloud users.
The key findings include:
- The most common cloud security concerns remain the same: the risk of unauthorized access (69%), the risk of malware infiltrations (50%) and the inability to monitor the activity of their own employees in the cloud (39%).
- 45% of organizations perceive their own employees to be the biggest security risk. Even though the majority of attacks they experienced over the year were external, organizations blame their own IT staff (39%) and business users (33%) as much as or more than their cloud providers (33%).
- Organisations are not ready to address the insider threat because they have only partial visibility into activity in their IT infrastructures, a situation that has not changed much since 2016. The share of organisations that have complete visibility into the activity of IT staff (28%), business users (17%), third parties with legitimate access (12%) and providers (9%) is low and needs to be improved.
- Only 66% of surveyed IT teams have top management’s support for security initiatives for the cloud.
- 42% of the organisations are ready to embrace the cloud more fully, while 47% are not ready for one or more reasons. Even though 86% of organisations said in 2016 that they were not ready for a big cloud move, one year later, 31% of respondents say they are planning a complete migration to the cloud in the next five years.
- The majority of organisations plan to start storing sensitive data in the cloud or move more data there. Mainly it is going to be customer (50%), employee (45%) and financial (37%) information.
- Employee training (55%), enforcement of stricter security policies (53%) and deployment of vendor security solutions (39%) top the list of the urgent measures aimed at strengthening security.
“Although most actual security attacks were external, cloud customers mostly blame their own users for incidents in the cloud and see them as the biggest threat to security. Why? Even if insiders are not malicious, they still can unwittingly help attackers get into the environment, whether due to a lack of knowledge about risks, negligence or mistakes. To address the human factor in all its forms, organisations need a complex approach that includes at least three components: employee training, top management support for security initiatives, and pervasive visibility into user activity to detect attacks and minimise the damage,” said Michael Fimin, CEO and co-founder of Netwrix.
To download the report, please visit: www.netwrix.com/go/2018cloudsecurityreport.