Cloud computing has become a mainstream delivery choice for applications, services and infrastructure, yet many organizations remain concerned about cloud security, according to a survey of security professionals conducted by risk management and cybersecurity services provider Delta Risk -- a Top 100 MSSP for 2017.
The Delta Risk "Cloud Security: 2017 Spotlight Report" indicated 90 percent of organizations now are using cloud services. However, a lack of visibility and control around these services is causing significant data breach incidents.
In addition, the survey highlighted three primary cloud security concerns for organizations:
- Data loss (57 percent).
- Threats to data privacy (49 percent).
- Breaches of confidentiality (47 percent).
Today's organizations may require a multi-faceted approach to address these cloud security concerns.
First, organizations must employ security professionals who possess cloud security knowledge and expertise, Delta Risk Vice President of Product Strategy John Hawley said in a prepared statement. These professionals can effectively configure cloud instances, Hawley noted, to reduce the risk of data loss and malicious user behavior.
Organizations also must collaborate with security vendors that understand how to perform cloud security assessments, Delta Risk Director of Technical Consulting Services Michael Piscopo pointed out. These security vendors can monitor cloud access, Piscopo said, and quickly respond to incidents in cloud environments.
Cloud Security: A Work in Progress
Although many organizations are embracing cloud services and solutions, the global cloud security landscape remains "a work in progress," according to IT market research firm Enterprise Strategy Group (ESG).
A recent ESG survey of cybersecurity professionals provided insights into the global cloud security landscape, and these included:
- 69 percent of survey respondents said their organization is still learning how to apply its security policies to public/private cloud infrastructure.
- 62 percent stated it is difficult to get the same level of visibility into cloud-based workloads as physical networks.
- 55 percent noted their current network security operations and processes lack the right level of automation and orchestration needed for the cloud.
MSSPs can work hand-in-hand with organizations to implement the proper cloud security processes and systems. If MSSPs allocate the necessary time and resources to teach organizations about cloud security, these services providers can help their customers consistently address cloud security threats.