by Camilla Currin
We’ve heard a lot about the acceleration of digital transformation over the course of the past year. McKinsey has claimed that organisations which used to consider digital strategy in “one- to three-year phases” have shifted to doing the same in just days or weeks. At Trend Micro we wanted to find out more, specifically whether these efforts were being managed in a secure manner.
What we found in our interviews with 2,500+ IT decision makers worldwide was revealing. While digital transformation has certainly increased during the pandemic, their understanding of how to mitigate risk in the cloud has not. This threatens to leave many organisations exposed to serious reputational and financial damage.
Cloud adoption surges
The headline figure is that 88% of responding organisations have increased the pace of IT modernisation over the past year. That is understandable, given the huge shift to remote working and the need to streamline business processes, and find agile and in some cases innovative new ways to reach customers.
IT leaders also seem extremely confident that they have been able to do this securely. Over half (51%) said the acceleration of cloud migration actually increased their focus on best practice security. Over 80% claimed they’re in control of securing their remote working environment.
Yet is this confidence misplaced? It seems there is a great deal of confusion about how effective their cloud security strategy is. Nearly half (45%) of those questioned admitted that cybersecurity was a significant barrier to cloud adoption, for example. Setting consistent policies (35%), patching (33%), and securing traffic flows (33%) were cited as the top three day-to-day headaches associated with protecting cloud workloads.
Could it be that IT bosses are still not entirely sure how to secure data in the cloud? Our research certainly revealed some worrying misconceptions around the Shared Responsibility Model, which describes where CSPs handle security and when the customer must step-up. In fact, while almost all (92%) of them said they’re confident they understand the model, a similar number (97%) claimed their CSP provides sufficient data protection.
In fact, it is the customer that must take responsibility for protecting their data and applications in the cloud. As the Cloud Security Alliance explains: “By retaining control over information and data, you maintain how and when your data is used. Your provider has zero visibility into your data, and all data access is yours to control by design.”
Thanks partly to these misconceptions, just 55% of respondents said they use third-party tools to secure their cloud environments, hinting at major coverage gaps.
Charting a course
So how can organisations chart a course to safety, tapping the power of cloud adoption without ramping up cyber-risk levels? The right provider can play an important role—automating patching and pushing out policies to every VM, container and endpoint for optimised security and compliance. Virtual patching capabilities can also help to address one of IT leaders’ top operational challenges regarding workload security—shielding vulnerable systems from known and unknown threats until an official patch can be deployed.
Respondents also complained of data privacy (43%), staff training (37%) and compliance (36%) being significant barriers to the adoption of cloud security tools. They really shouldn’t be. The right provider will offer relatively easy-to-use products featuring a high degree of automation to overcome skills shortages, support compliance and address any privacy concerns.
Find out more about Trend Micro’s global study here.