Data breach after data breach, security event after security event, survey after survey has warned us that a treacherous threat landscape imperils IT security professionals. Add the inaugural cloud threat report from Oracle and KPMG to the pile and we’re reminded of why security experts’ hair is rightfully turning gray.
The report, which surveyed 450 IT professionals worldwide, revealed that their confidence in the cloud is growing: About 90 percent regard at least half of their cloud data as sensitive and 83 percent rate cloud security as good or better than on-premise security.
Still, the cloud has created a strategic imperative to keep pace at scale. Right now, only 14 percent of the infosec pros in the study are able to effectively analyze and respond to at least 75 percent of their security event data. Seen from the reverse angle, the figure is even more ominous: 86 percent of IT security pros are unable to effectively analyze and respond to at least 75 percent of their security event data.
In fact, 40 percent of respondents said that detecting and responding to cloud security incidents is now their top cyber security challenge. While 40 percent of companies have hired dedicated cloud security architects, more than eight in 10 plan to deploy more automation to effectively defend against sophisticated attackers.
With organizations increasingly turning to the cloud, traditional security strategies can’t keep up with the rising number of users, applications, data, and infrastructure, said Akshay Bhargava, Oracle cloud business group VP.
"Autonomous security is critical when adopting more cloud services to easily deploy and manage integrated policies that span hybrid and multi-cloud environments,” Bhargava said. “By using machine learning, artificial intelligence and orchestration, organizations can more quickly detect and respond to security threats and protect their assets."
Policy, in particular, is a universal hot button: While 97 percent have defined cloud-approval policies, some 82 percent don’t trust that employees and teams will abide by the rules, according to the report. "As many organizations migrate to cloud services, it is critical that their business and security objectives align, and that they establish rigorous controls of their own, versus solely relying on the cyber security measures provided by the cloud vendor," said Tony Buffomante, who heads KPMG’s U.S. cyber security services.
Here are some additional findings from the report:
- Cyber security spending: 89 percent surveyed expect their organization to increase cyber security investments in the next fiscal year.
- Inconsistent cloud policies: 26 percent cited a lack of unified policies across disparate infrastructure as a top challenge.
- Rethinking cloud strategies and providers: General Data Protection Regulation will impact cloud strategies and service provider choices, according to 95 percent of respondents who must comply.
- Identity and access management (IAM) challenges: 36 percent said mobile device and application use make IAM controls and monitoring more difficult.
- Automation: 29 percent are using machine learning on a limited basis; 18 percent plan to extensively; and, another 24 percent are adding machine learning to existing security tools.
Oracle is slated to attend the RSA Conference in San Francisco from April 16 - April 20. Watch for our daily blogs from the show.