Cracks in the cloud: CISOs struggle to ensure cloud compliance
According to a new Symantec survey on the state of enterprise data security, cloud security is a top concern for Indian chief information security officers (CISOs). Covering 1,100 CISOs across 11 global markets, the report reveals that CISOs in India are particularly concerned about their ability to respond quickly to attacks.
The advantages of cloud computing—scalability, speed to market, lower costs and higher productivity—are well known throughout most industries. But for cyber criminals, this new, borderless infrastructure is a potential goldmine.
A widening scope for cloud-based attacks
The survey shows the extent to which cloud security is keeping Indian CISOs awake at night. Tellingly, 91 percent believe that ensuring cloud applications meet compliance regulations is one of the most stressful aspects of their job.
The industry compliance issues that they find most worrying are tracking broad sharing of compliance-controlled data in cloud applications (23 percent) and governance of corporate-owned mobile devices (21 percent). Other concerns include tracking of activities in authorised cloud applications (19 percent), country and region-specific data residency and control regulations (19 percent) and employee use of unauthorised cloud applications (18 percent).
The widespread adoption of cloud applications, coupled with risky user behavior that they are often unaware of, is further making them prone to cloud-based attacks. Indian CISOs estimate that, on average, 34 percent of cloud-based applications used at their company are unauthorized, or ‘shadow apps’. A vast majority, 87 percent, also believe that their Chief Executive Officer has probably broken internal security protocols at some point – either intentionally or unintentionally.
A need for end-to-end solutions
As enterprises become more reliant on the cloud to improve collaboration and flexibility, it’s becoming increasingly difficult for CISOs to monitor and secure sensitive company data, let alone maintain compliance with regulatory requirements. To bolster information security as the organisation’s data flows between on-premises systems, mobile applications and cloud services, 93 percent of Indian CISOs plan to increase spending on IT staff security training this year. On average, new IT employees will undergo 20 hours of security training during their onboarding process.
The need for data security, compliance, and residency is also driving Indian CISOs to look for encryption and/or tokenization solutions to support their Software as a Service (SaaS) initiatives. Symantec’s survey reveals that while 98 percent of Indian CISOs believe tokenization of cloud data is the best way to meet data residency and control regulations, only 77 percent use tokenization methods. And while 98 percent use encryption to secure their cloud data, 74 percent use both encryption and tokenization.
Despite such measures, security challenges remain. Cybercriminal groups are opportunistic in the way they operate, using flaws in legitimate operating systems, tools, and cloud services to compromise networks. To effectively counter such behaviours, CISOs require unparalleled visibility and control over sensitive content that users upload, store and share via the cloud. Rather than relying on one-off fixes and reactive patches to protect confidential information, successful CISOs are eradicating exploitable vulnerabilities by deploying proactive, end-to-end solutions.
Addressing cloud security through a holistic approach
Failure to ensure appropriate security protection when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of cloud computing. To ensure success, organisations require a new model of integrated security which provides stronger protection, greater visibility and better control of critical assets, users, and data.
Addressing cloud security holistically creates operational efficiencies and allows Indian CISOs to take full advantage of the cloud. This approach guarantees their critical information is secure and protected, giving them the peace of mind they need to lead their companies in the data-driven era.