If you don’t feel you’ve put enough effort in cloud security, you’re not alone.

A recent survey released by Telus found that Canadian organizations only set aside 34 per cent of their cybersecurity budgets for cloud security, while nearly all admit that if they had to do it all again, they would have spent more time security when they began their migration to the cloud, especially on threat and risk.

Respondents would have also spent more time on monitoring and detection, as well as threat prevention controls.

All this regret around cloud security may explain why the 511 cybersecurity professionals surveyed by Telus are planning to increase spending by 22 per cent in 2023. Conducted with IDC Canada, the survey spans a wide range of Canadian industries and organizations, with more than half identifying as very knowledgeable about cybersecurity, with the remainder identifying as knowledgeable.

While security knowledge ranks well among respondents, only 37 per cent of the organizations surveyed report having dedicated cloud security professionals, while nearly as many – 33 per cent – are finding that staffing for cloud security skillsets is the most difficult of all cloud specialties to find.

Not many – 14 per cent – are storing their most valuable data in the cloud, which aligns with the confidence in cloud security, as 57 per cent of organizations believe their cloud environments are very or completely secure, but only 38 per cent of respondents said their organizations uses multi-factor authentication (MFA) to secure their cloud environment.

Approximately one third of respondents cited a lack of tools to monitor, detect, and respond to cyber threats was a major gap in their cloud environments, while a whopping 89 per cent said their organization had experienced a cloud security incident. (An incident is defined as an event with the potential to compromise confidentiality, availability, and/or integrity of computer networks, systems, or data.)

On average, the Telus survey found that organizations had experienced four to five cloud security incidents a year, with nearly half of the most damaging incidents spreading to on-premises environments. These incidents could be attributed to misconfigurations, human error, and known vulnerabilities.

Not surprisingly, respondents are using more than one cloud service provider – the average was up to 8.5, with infrastructure-as-a-service providers such as Amazon AWS, Google Cloud Platform and Microsoft Azure being the most used.

The Telus report makes several recommendations for those responsible for security in their organization. Chief among them is to not underestimate the value of frameworks like NIST, ISO/IEC 27001 or others. Others include:

• Provide IT / security staff with comprehensive cloud security awareness training
• Enable and configure any included security controls offered by your cloud service provider
• Conduct regular security audits and assessments
• Deploy MFA

Given all the cloud providers organizations use as well as the challenges in finding security specialists, you might consider seeking out a managed service provider who can help you bolster your cloud security, improve your overall posture and help you adhere to the Telus survey recommendations.