New data shows that many enterprises are not approaching cloud security correctly, and itβs going to lead to unpleasant consequences.
TheΒ Cloud Security Alliance, in partnership with security company BigID, released the results of a survey of 1,500 IT and security professionals. They all weighed in on the state ofΒ cloudΒ data security in 2022 and had some not-so-surprising data points:
- Organizations are struggling with securing data in the cloud. No-brainer here, Iβve been discussing this for the past few years, as well as the core issues that enterprises lack talent and sound approaches to security.
- Third parties and suppliers have equal access to sensitive data with the same rights as employees. The worry here, of course, is that sensitive data will be exposed that does damage to the company. The bigger concern is that this could be an indication of other substandard cloud security disciplines. Β
- Dark data is data assets organizations collect, process, and store during regular business activities but donβt use for other purposes. The survey points out issues that stem from staffing problems and interdepartmental politics.
- Of greatest concern, most security professionals surveyed believe their enterprise will experience a data breach in the next year. The impending doom statements by the security industry begin to sound a bit like Chicken Little at this point. The real concern is that security professionals are concerned. What do they know?Β
TheΒ full CSA report can be obtained here.Β
Most enterprises are not getting cloud security right, which is an old story. Even though the expertise and security tools exist today, companies are not taking advantage for some reason.Β
Of course, they claim budget and resource limitations as a reason they canβt keep up, and if youβre attempting to hire cloud security talent these days, you may believe them. However, itβs not as much about what youβre able to spend, but are you able to address this issue strategicallyβmeaning do you have the political will?
While the βit dependsβ response is the most applicable, Iβm seeing some common areas that need to be addressed. Organizations need strong leadership when it comes to any security, especially cloud security. For instance, the inter-departmental infighting that the survey uncovered needs to be done away with quickly, either through better leadership or budget changes.
Talent is the underlying factor. Although many are quick to blame the cloud computing consumption model itself, the fact remains that we have better tools than we do with more traditional systems and data storage. The gap is that we canβt seem to find people who are able to leverage these tools effectively and are force-fitting traditional security approaches, tools, processes, and talent into the cloud computing model.
So much needs to change with cloud, and there needs to be an overarching strategic framework thatβs led from the top of the organization. If weβre going to point to a single issue that causing the cloud security issues, thatβs it.
The fundamentals are changing, and unless somebody takes the helm and turns the ship in the right direction, weβll see breach after breach, as many survey respondents fear. I would rather not see IT leaders have to go down with the ship before they get their cloud security act in order.
