A cloud access security broker, Skyhigh Networks, has released results of a survey, carried out with the Cloud Security Alliance (CSA), the cloud security sector body, on the IT security issues that remain around cloud adoption.
Some 220 IT and IT security professionals across EMEA, the Americas and APAC were surveyed. They identified alert fatigue, a lack of relevant skills, and complexities of endpoint agent deployment as common barriers to cloud adoption. Findings include:
20 percent of companies have more than ten security tools which generate alerts
30.1 percent of IT professionals sometimes ignore alerts because of the frequency of false positives
Respondents ranked off-shoring and increasing formal university education and as the least effective ways of handling the shortage of skilled IT security professionals
80.4 percent of respondents believe that incident response will be the most important new skill in the next five years
62.1 percent of businesses have security concerns about the public cloud platforms such as AWS and Azure, 40.5 percent believe that they can’t secure applications on the platforms, and 37.9 percent view the inability to store data in their own country to ensure compliance with data regulations as an issue
94.3 percent of respondents expect their IT security budgets to increase or stay the same; and
The use of endpoint agents has increased. However, all businesses indicated that they have experienced at least one significant issue – such as driver conflicts, slow device performance or system crashes – during deployment.
Nigel Hawthorn, chief European spokesperson at Skyhigh Networks, says: “Alert fatigue is becoming a serious issue with 30 percent of organisations regularly ignoring them due to the frequency of false positives. Target is repeatedly referred to as an example of what can happen if cyber alerts aren’t properly investigated, but its decision to not examine its red flags resulted in huge damage to its reputation and bottom line.
“The frequency and sophistication of cyber threats is exposing a serious lack of the relevant skills needed to maximise the full value of new technology. Businesses are forever playing catch up with hackers who are discovering new ways of probing networks, and firms are turning to more advanced cyber security solutions to compensate. To resolve the skills shortage, 37 percent of businesses believe that hiring junior IT professionals and investing in training is the most effective way.
“When IT security teams are asking which departments use the most shadow IT – and thus could be a source of data risk – marketing was named as the worst culprit by 32 percent of respondents, followed by sales, 18 percent, and then IT itself, 17 percent.”
For the report, IT security in the age of cloud, visit http://info.skyhighnetworks.com/.
